[Bro-Dev] [JIRA] (BIT-1415) Lack of Sanity Checking in file patricia.c in Bro-2.3.2
Robin Sommer (JIRA)
jira at bro-tracker.atlassian.net
Mon Jun 8 08:14:01 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robin Sommer updated BIT-1415:
------------------------------
Fix Version/s: 2.5
> Lack of Sanity Checking in file patricia.c in Bro-2.3.2
> -------------------------------------------------------
>
> Key: BIT-1415
> URL: https://bro-tracker.atlassian.net/browse/BIT-1415
> Project: Bro Issue Tracker
> Issue Type: Patch
> Components: bro-aux
> Affects Versions: 2.3
> Environment: Unix/Linux/Windows (lack of sanity checking)
> Reporter: Bill Parker
> Labels: broctl
> Fix For: 2.5
>
> Attachments: patricia.c.patch
>
>
> Hello All,
> In reviewing source code in Bro-2.3.2, I found several instances of missing sanity checks
> for calls to calloc() in file 'patricia.c' in directory 'aux/broctl/aux/pysubnettree', where calls
> to calloc() are not checked for a return value of NULL, indicating failure. The patch file below corrects/addresses these issues:
> --- patricia.c.orig 2015-06-05 13:25:12.749964570 -0700
> +++ patricia.c 2015-06-05 13:36:05.432917217 -0700
> @@ -265,7 +265,10 @@
> //prefix4_t size incorrect on NT
> prefix = calloc(1, sizeof (prefix_t));
> #endif /* NT */
> -
> + if (prefix == NULL) { /* we tried to allocate memory again, and failed... */
> + fprintf(stderr, "Unable to allocate memory for prefix...\n");
> + return (prefix); /* can we return NULL here? */
> + }
> dynamic_allocated++;
> }
> memcpy (&prefix->add.sin, dest, 4);
> @@ -396,6 +399,10 @@
> New_Patricia (int maxbits)
> {
> patricia_tree_t *patricia = calloc(1, sizeof *patricia);
> + if (patricia == NULL) { /* oops, calloc() failed, now what? */
> + fprintf(stderr, "Unable to allocate memory in New_Patricia...\n");
> + return (patricia); /* can we return NULL here? */
> + }
>
> patricia->maxbits = maxbits;
> patricia->head = NULL;
> @@ -665,6 +672,10 @@
>
> if (patricia->head == NULL) {
> node = calloc(1, sizeof *node);
> + if (node == NULL) { /* oops, memory allocation failed... */
> + fprintf(stderr, "Unable to allocate memory for patricia_lookup...\n");
> + return NULL; /* can we return NULL here??? */
> + }
> node->bit = prefix->bitlen;
> node->prefix = Ref_Prefix (prefix);
> node->parent = NULL;
> @@ -776,6 +787,11 @@
> }
>
> new_node = calloc(1, sizeof *new_node);
> + if (new_node == NULL) { /* oops, unable to allocate memory for new_node */
> + fprintf(stderr, "Unable to allocate memory for new_node in patricia_lookup...\n");
> + free(node);
> + return (NULL); /* can we return NULL here? */
> + }
> new_node->bit = prefix->bitlen;
> new_node->prefix = Ref_Prefix (prefix);
> new_node->parent = NULL;
> @@ -828,6 +844,12 @@
> }
> else {
> glue = calloc(1, sizeof *glue);
> + if (glue == NULL) { /* oops, unable to allocate memory for glue... */
> + fprintf(stderr, "Unable to allocate memory for glue in patricia_lookup...\n");
> + free(new_node);
> + free(node);
> + return (glue); /* can we return NULL here? */
> + }
> glue->bit = differ_bit;
> glue->prefix = NULL;
> glue->parent = node->parent;
--
This message was sent by Atlassian JIRA
(v6.5-OD-05-041#65001)
More information about the bro-dev
mailing list