[Bro-Dev] [JIRA] (BIT-1423) Add power of 2 test to file 'cq.c', test for overflow in 'nb_dns.c'

Robin Sommer (JIRA) jira at bro-tracker.atlassian.net
Tue Jun 9 07:05:01 PDT 2015 

     [ https://bro-tracker.atlassian.net/browse/BIT-1423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robin Sommer updated BIT-1423:
------------------------------
    Fix Version/s: 2.5

>  Add power of 2 test to file 'cq.c', test for overflow in 'nb_dns.c'
> --------------------------------------------------------------------
>
>                 Key: BIT-1423
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1423
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: 2.3
>         Environment: Source Code Requested Fixes
>            Reporter: Bill Parker
>              Labels: Enhancement
>             Fix For: 2.5
>
>         Attachments: nb_dns.c.patch
>
>
> Hello All,
>    Here is a hunk of code which is a FIXME to the following statement:
>         /* XXX could check that nbuckets is a power of 2 */
> In directory 'src', file 'cq.c'
> The patch file which adds this test is below:		
> --- cq.c.orig   2015-06-06 19:01:58.220926680 -0700
> +++ cq.c        2015-06-06 19:13:03.233446352 -0700
> @@ -444,6 +444,9 @@
>  
>         /* XXX could check that nbuckets is a power of 2 */
>  
> +       if ((nbuckets % 2) != 0) {  /* modulus of nbuckets and 2 isn't zero, not a power of 2 */
> +           return (-1);            /* should we send error message to stderr? */
> +       }
>         size = sizeof(*buckets) * nbuckets;
>         buckets = (struct cq_bucket *)malloc(size);
>         memory_allocation += size;
> 		
> If the modulus returned is zero, then nbuckets is some power of 2...
> Upon further review, this is actually incorrect, and should be implemented as a lookup table for actual powers of 2, since any even value will return a modulus of zero.  Here is a link which will implement the request properly (my bad):
> http://www.exploringbinary.com/ten-ways-to-check-if-an-integer-is-a-power-of-two-in-c/
> ====================================================================
> In directory 'src', file 'nb_dns.c', there is a XXX comment/request
> to check for overflow in function 'nb_dns_activity', the patch file
> below implements the test for overflow (which should be correct
> from review of T_TXT code above this):
> --- nb_dns.c.orig       2015-06-06 19:29:49.447330962 -0700
> +++ nb_dns.c    2015-06-06 19:32:14.693791040 -0700
> @@ -614,6 +614,12 @@
>                         }
>                         he->h_name = bp;
>                         /* XXX check for overflow */
> +                       if (bp + n >= ep) {
> +                               snprintf(errstr, NB_DNS_ERRSIZE,
> +                                   "nb dns activity(): overflow 1 for ptr");
> +                               nr->host_errno = NO_RECOVERY;
> +                               return (-1);
> +                       }
>                         bp += n;                /* returned len includes EOS */
>  
>                         /* "Find first satisfactory answer" */
> 						
> I am attaching the patch file(s) to this bug report
> Bill Parker (wp02855 at gmail dot com)



--
This message was sent by Atlassian JIRA
(v6.5-OD-05-041#65001)

More information about the bro-dev mailing list