[Bro-Dev] [JIRA] (BIT-1423) Add power of 2 test to file 'cq.c', test for overflow in 'nb_dns.c'
Bill Parker (JIRA)
jira at bro-tracker.atlassian.net
Mon Jun 8 11:05:01 PDT 2015
Bill Parker created BIT-1423:
--------------------------------
Summary: Add power of 2 test to file 'cq.c', test for overflow in 'nb_dns.c'
Key: BIT-1423
URL: https://bro-tracker.atlassian.net/browse/BIT-1423
Project: Bro Issue Tracker
Issue Type: New Feature
Components: Bro
Affects Versions: 2.3
Environment: Source Code Requested Fixes
Reporter: Bill Parker
Attachments: nb_dns.c.patch
Hello All,
Here is a hunk of code which is a FIXME to the following statement:
/* XXX could check that nbuckets is a power of 2 */
In directory 'src', file 'cq.c'
The patch file which adds this test is below:
--- cq.c.orig 2015-06-06 19:01:58.220926680 -0700
+++ cq.c 2015-06-06 19:13:03.233446352 -0700
@@ -444,6 +444,9 @@
/* XXX could check that nbuckets is a power of 2 */
+ if ((nbuckets % 2) != 0) { /* modulus of nbuckets and 2 isn't zero, not a power of 2 */
+ return (-1); /* should we send error message to stderr? */
+ }
size = sizeof(*buckets) * nbuckets;
buckets = (struct cq_bucket *)malloc(size);
memory_allocation += size;
If the modulus returned is zero, then nbuckets is some power of 2...
Upon further review, this is actually incorrect, and should be implemented as a lookup table for actual powers of 2, since any even value will return a modulus of zero. Here is a link which will implement the request properly (my bad):
http://www.exploringbinary.com/ten-ways-to-check-if-an-integer-is-a-power-of-two-in-c/
====================================================================
In directory 'src', file 'nb_dns.c', there is a XXX comment/request
to check for overflow in function 'nb_dns_activity', the patch file
below implements the test for overflow (which should be correct
from review of T_TXT code above this):
--- nb_dns.c.orig 2015-06-06 19:29:49.447330962 -0700
+++ nb_dns.c 2015-06-06 19:32:14.693791040 -0700
@@ -614,6 +614,12 @@
}
he->h_name = bp;
/* XXX check for overflow */
+ if (bp + n >= ep) {
+ snprintf(errstr, NB_DNS_ERRSIZE,
+ "nb dns activity(): overflow 1 for ptr");
+ nr->host_errno = NO_RECOVERY;
+ return (-1);
+ }
bp += n; /* returned len includes EOS */
/* "Find first satisfactory answer" */
I am attaching the patch file(s) to this bug report
Bill Parker (wp02855 at gmail dot com)
--
This message was sent by Atlassian JIRA
(v6.5-OD-05-041#65001)
More information about the bro-dev
mailing list