[Bro-Dev] [JIRA] (BIT-1442) Prevent possible segmentation violation/faults in Bro-2.3.2

Homayan Ahamed (JIRA) jira at bro-tracker.atlassian.net
Wed Nov 25 19:49:00 PST 2015 

     [ https://bro-tracker.atlassian.net/browse/BIT-1442?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Homayan Ahamed updated BIT-1442:
--------------------------------
        Status: Reopened  (was: Closed)
    Resolution:     (was: Invalid)

> Prevent possible segmentation violation/faults in Bro-2.3.2
> -----------------------------------------------------------
>
>                 Key: BIT-1442
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1442
>             Project: Bro Issue Tracker
>          Issue Type: Patch
>          Components: bro-aux, Broccoli
>    Affects Versions: 2.3
>         Environment: Linux/Windows/BSD, etc
>            Reporter: Bill Parker
>              Labels: Segmentation, Violation, fault
>         Attachments: bro.c.patch, SubnetTree_wrap.cc.patch
>
>
> Hello All,
>    In reviewing calls to memset() in Bro-2.3.2, I came across a
> pair of instances where memset could POSSIBLY be called with a
> address area pointing to NULL, which would generate a segmentation
> violation/fault during execution.  The patch files below should
> address these issues:
> In directory 'bro-2.3.2/aux/broctl/aux/pysubnettree', file
> 'SubnetTree_wrap.cc':
> --- SubnetTree_wrap.cc.orig	2015-08-02 18:56:24.034212101 -0400
> +++ SubnetTree_wrap.cc	2015-08-02 18:59:11.242212101 -0400
> @@ -719,6 +719,8 @@
>  SWIG_UnpackDataName(const char *c, void *ptr, size_t sz, const char *name) {
>    if (*c != '_') {
>      if (strcmp(c,"NULL") == 0) {
> +      if (ptr == NULL) /* on off chance that ptr is NULL, memset()  */
> +		 return 0;      /* will segment violation/fault, so return 0 */
>        memset(ptr,0,sz);
>        return name;
>      } else {
> In directory 'bro-2.3.2/aux/broccoli/src', file 'bro.c':
> --- bro.c.orig	2015-08-02 19:04:00.161212101 -0400
> +++ bro.c	2015-08-02 19:05:15.608212101 -0400
> @@ -367,6 +367,9 @@
>  void
>  bro_ctx_init(BroCtx *ctx)
>  {
> +  if (! ctx) /* paranoid, ctx must NOT be NULL	*/
> +    return;
> +
>    memset(ctx, 0, sizeof(BroCtx));
>  }
>  
> Comments, Questions, Suggestions, Complaints :)
> I am attaching the patch file(s) to this bug report...
> Bill Parker (wp02855 at gmail dot com)



--
This message was sent by Atlassian JIRA
(v7.1.0-OD-01-053#71000)

More information about the bro-dev mailing list