[Bro-Dev] [JIRA] (BIT-1415) Lack of Sanity Checking in file patricia.c in Bro-2.3.2

Robin Sommer (JIRA) jira at bro-tracker.atlassian.net
Mon Jun 8 08:14:01 PDT 2015


     [ https://bro-tracker.atlassian.net/browse/BIT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robin Sommer updated BIT-1415:
------------------------------
    Fix Version/s: 2.5

> Lack of Sanity Checking in file patricia.c in Bro-2.3.2
> -------------------------------------------------------
>
>                 Key: BIT-1415
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1415
>             Project: Bro Issue Tracker
>          Issue Type: Patch
>          Components: bro-aux
>    Affects Versions: 2.3
>         Environment: Unix/Linux/Windows (lack of sanity checking)
>            Reporter: Bill Parker
>              Labels: broctl
>             Fix For: 2.5
>
>         Attachments: patricia.c.patch
>
>
> Hello All,
>    In reviewing source code in Bro-2.3.2, I found several instances of missing sanity checks
> for calls to calloc() in file 'patricia.c' in directory 'aux/broctl/aux/pysubnettree', where calls
> to calloc() are not checked for a return value of NULL, indicating failure.  The patch file below corrects/addresses these issues:
> --- patricia.c.orig     2015-06-05 13:25:12.749964570 -0700
> +++ patricia.c  2015-06-05 13:36:05.432917217 -0700
> @@ -265,7 +265,10 @@
>                         //prefix4_t size incorrect on NT
>                         prefix = calloc(1, sizeof (prefix_t));
>  #endif /* NT */
> -
> +                       if (prefix == NULL) {   /* we tried to allocate memory again, and failed... */
> +                           fprintf(stderr, "Unable to allocate memory for prefix...\n");
> +                           return (prefix);    /* can we return NULL here? */
> +                       }
>                         dynamic_allocated++;
>                 }
>                 memcpy (&prefix->add.sin, dest, 4);
> @@ -396,6 +399,10 @@
>  New_Patricia (int maxbits)
>  {
>      patricia_tree_t *patricia = calloc(1, sizeof *patricia);
> +    if (patricia == NULL) { /* oops, calloc() failed, now what? */
> +       fprintf(stderr, "Unable to allocate memory in New_Patricia...\n");
> +       return (patricia);  /* can we return NULL here? */
> +    }
>  
>      patricia->maxbits = maxbits;
>      patricia->head = NULL;
> @@ -665,6 +672,10 @@
>  
>      if (patricia->head == NULL) {
>         node = calloc(1, sizeof *node);
> +       if (node == NULL) { /* oops, memory allocation failed...    */
> +           fprintf(stderr, "Unable to allocate memory for patricia_lookup...\n");
> +           return NULL;    /* can we return NULL here???   */
> +       }
>         node->bit = prefix->bitlen;
>         node->prefix = Ref_Prefix (prefix);
>         node->parent = NULL;
> @@ -776,6 +787,11 @@
>      }
>  
>      new_node = calloc(1, sizeof *new_node);
> +    if (new_node == NULL) { /* oops, unable to allocate memory for new_node */
> +       fprintf(stderr, "Unable to allocate memory for new_node in patricia_lookup...\n");
> +       free(node);
> +       return (NULL);  /* can we return NULL here? */
> +    }
>      new_node->bit = prefix->bitlen;
>      new_node->prefix = Ref_Prefix (prefix);
>      new_node->parent = NULL;
> @@ -828,6 +844,12 @@
>      }
>      else {
>          glue = calloc(1, sizeof *glue);
> +       if (glue == NULL) {   /* oops, unable to allocate memory for glue...  */
> +           fprintf(stderr, "Unable to allocate memory for glue in patricia_lookup...\n");
> +           free(new_node);
> +           free(node);
> +           return (glue);  /* can we return NULL here? */
> +       }
>          glue->bit = differ_bit;
>          glue->prefix = NULL;
>          glue->parent = node->parent;



--
This message was sent by Atlassian JIRA
(v6.5-OD-05-041#65001)


More information about the bro-dev mailing list