[Bro-Dev] [JIRA] (BIT-1423) Add power of 2 test to file 'cq.c', test for overflow in 'nb_dns.c'

Mon Jun 8 11:05:01 PDT 2015

Bill Parker created BIT-1423:
--------------------------------

             Summary:  Add power of 2 test to file 'cq.c', test for overflow in 'nb_dns.c'
                 Key: BIT-1423
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1423
             Project: Bro Issue Tracker
          Issue Type: New Feature
          Components: Bro
    Affects Versions: 2.3
         Environment: Source Code Requested Fixes
            Reporter: Bill Parker
         Attachments: nb_dns.c.patch

Hello All,

   Here is a hunk of code which is a FIXME to the following statement:

        /* XXX could check that nbuckets is a power of 2 */

In directory 'src', file 'cq.c'

The patch file which adds this test is below:

--- cq.c.orig   2015-06-06 19:01:58.220926680 -0700
+++ cq.c        2015-06-06 19:13:03.233446352 -0700
@@ -444,6 +444,9 @@
 
        /* XXX could check that nbuckets is a power of 2 */
 
+       if ((nbuckets % 2) != 0) {  /* modulus of nbuckets and 2 isn't zero, not a power of 2 */
+           return (-1);            /* should we send error message to stderr? */
+       }
        size = sizeof(*buckets) * nbuckets;
        buckets = (struct cq_bucket *)malloc(size);
        memory_allocation += size;
		
If the modulus returned is zero, then nbuckets is some power of 2...

Upon further review, this is actually incorrect, and should be implemented as a lookup table for actual powers of 2, since any even value will return a modulus of zero.  Here is a link which will implement the request properly (my bad):

http://www.exploringbinary.com/ten-ways-to-check-if-an-integer-is-a-power-of-two-in-c/

====================================================================

In directory 'src', file 'nb_dns.c', there is a XXX comment/request
to check for overflow in function 'nb_dns_activity', the patch file
below implements the test for overflow (which should be correct
from review of T_TXT code above this):

--- nb_dns.c.orig       2015-06-06 19:29:49.447330962 -0700
+++ nb_dns.c    2015-06-06 19:32:14.693791040 -0700
@@ -614,6 +614,12 @@
                        }
                        he->h_name = bp;
                        /* XXX check for overflow */
+                       if (bp + n >= ep) {
+                               snprintf(errstr, NB_DNS_ERRSIZE,
+                                   "nb dns activity(): overflow 1 for ptr");
+                               nr->host_errno = NO_RECOVERY;
+                               return (-1);
+                       }
                        bp += n;                /* returned len includes EOS */
 
                        /* "Find first satisfactory answer" */
						
I am attaching the patch file(s) to this bug report

Bill Parker (wp02855 at gmail dot com)



--
This message was sent by Atlassian JIRA
(v6.5-OD-05-041#65001)
