[Bro-Dev] [JIRA] (BIT-1442) Prevent possible segmentation violation/faults in Bro-2.3.2

Tue Oct 20 09:48:01 PDT 2015

     [ https://bro-tracker.atlassian.net/browse/BIT-1442?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Johanna Amann updated BIT-1442:
-------------------------------
    Resolution: Invalid
        Status: Closed  (was: Open)

I took a look at this - the bro.c patch is for broccoli. Broccoli is deprecated and will go away - because this looks like a very small edge case it is probably not worth it at this time to put this kind of fixes in.

The second patch concerns the SWIG bindings of pysubnettree. This code is autogenerated by SWIG. On a first glance I am not sure if this case can ever occur (I suspect not), but if you think it might be a problem please report it to the upstream project (SWIG).

> Prevent possible segmentation violation/faults in Bro-2.3.2
> -----------------------------------------------------------
>
>                 Key: BIT-1442
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1442
>             Project: Bro Issue Tracker
>          Issue Type: Patch
>          Components: bro-aux, Broccoli
>    Affects Versions: 2.3
>         Environment: Linux/Windows/BSD, etc
>            Reporter: Bill Parker
>              Labels: Segmentation, Violation, fault
>         Attachments: bro.c.patch, SubnetTree_wrap.cc.patch
>
>
> Hello All,
>    In reviewing calls to memset() in Bro-2.3.2, I came across a
> pair of instances where memset could POSSIBLY be called with a
> address area pointing to NULL, which would generate a segmentation
> violation/fault during execution.  The patch files below should
> address these issues:
> In directory 'bro-2.3.2/aux/broctl/aux/pysubnettree', file
> 'SubnetTree_wrap.cc':
> --- SubnetTree_wrap.cc.orig	2015-08-02 18:56:24.034212101 -0400
> +++ SubnetTree_wrap.cc	2015-08-02 18:59:11.242212101 -0400
> @@ -719,6 +719,8 @@
>  SWIG_UnpackDataName(const char *c, void *ptr, size_t sz, const char *name) {
>    if (*c != '_') {
>      if (strcmp(c,"NULL") == 0) {
> +      if (ptr == NULL) /* on off chance that ptr is NULL, memset()  */
> +		 return 0;      /* will segment violation/fault, so return 0 */
>        memset(ptr,0,sz);
>        return name;
>      } else {
> In directory 'bro-2.3.2/aux/broccoli/src', file 'bro.c':
> --- bro.c.orig	2015-08-02 19:04:00.161212101 -0400
> +++ bro.c	2015-08-02 19:05:15.608212101 -0400
> @@ -367,6 +367,9 @@
>  void
>  bro_ctx_init(BroCtx *ctx)
>  {
> +  if (! ctx) /* paranoid, ctx must NOT be NULL	*/
> +    return;
> +
>    memset(ctx, 0, sizeof(BroCtx));
>  }
>  
> Comments, Questions, Suggestions, Complaints :)
> I am attaching the patch file(s) to this bug report...
> Bill Parker (wp02855 at gmail dot com)

--
This message was sent by Atlassian JIRA
(v7.0.0-OD-08-002#70107)