aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix couple of cases where incorrect handling of keyword parsing errors would lead to access of uninitialized memory. Found by clang.

Browse Source
remotes/origin/master-1.1.x
Victor Julien 15 years ago
parent 7dc4b164a8
commit 3f47eade6b
8 changed files with 63 additions and 34 deletions
Show Stats Download Patch File Download Diff File

14
src/detect-flow.c
Unescape Escape View File

@ -164,6 +164,7 @@ DetectFlowData *DetectFlowParse (char *flowstr)
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, flowstr); SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, flowstr);
goto error; goto error;
} }
if (ret > 1) { if (ret > 1) {
const char *str_ptr; const char *str_ptr;
res = pcre_get_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); res = pcre_get_substring((char *)flowstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
@ -265,15 +266,20 @@ DetectFlowData *DetectFlowParse (char *flowstr)
} }
} }
for (i = 0; i < (ret -1); i++){ for (i = 0; i < (ret -1); i++){
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
return fd; return fd;
error: error:
for (i = 0; i < (ret -1); i++){ /* ret can be higher than 3 */
if (args[i] != NULL) SCFree(args[i]); for (i = 0; i < (ret - 1) && i < 4; i++){
if (args[i] != NULL)
SCFree(args[i]);
} }
if (fd != NULL) DetectFlowFree(fd);
if (fd != NULL)
DetectFlowFree(fd);
return NULL; return NULL;
} }

11
src/detect-icode.c
Unescape Escape View File

@ -197,15 +197,18 @@ DetectICodeData *DetectICodeParse(char *icodestr) {
} }
for (i = 0; i < (ret-1); i++) { for (i = 0; i < (ret-1); i++) {
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
return icd; return icd;
error: error:
for (i = 0; i < (ret-1); i++) { for (i = 0; i < (ret-1) && i < 4; i++) {
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
if (icd != NULL) DetectICodeFree(icd); if (icd != NULL)
DetectICodeFree(icd);
return NULL; return NULL;
} }

12
src/detect-ipproto.c
Unescape Escape View File

@ -114,6 +114,7 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, optstr); SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, optstr);
goto error; goto error;
} }
for (i = 0; i < (ret - 1); i++) { for (i = 0; i < (ret - 1); i++) {
res = pcre_get_substring((char *)optstr, ov, MAX_SUBSTRINGS, res = pcre_get_substring((char *)optstr, ov, MAX_SUBSTRINGS,
i + 1, &str_ptr); i + 1, &str_ptr);
@ -153,15 +154,18 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr)
} }
for (i = 0; i < (ret - 1); i++){ for (i = 0; i < (ret - 1); i++){
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
return data; return data;
error: error:
for (i = 0; i < (ret - 1); i++){ for (i = 0; i < (ret - 1) && i < 3; i++){
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
if (data != NULL) SCFree(data); if (data != NULL)
SCFree(data);
return NULL; return NULL;
} }

11
src/detect-isdataat.c
Unescape Escape View File

@ -201,7 +201,8 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr)
} }
for (i = 0; i < (ret -1); i++) { for (i = 0; i < (ret -1); i++) {
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
return idad; return idad;
@ -210,11 +211,13 @@ DetectIsdataatData *DetectIsdataatParse (char *isdataatstr)
error: error:
for (i = 0; i < (ret -1); i++){ for (i = 0; i < (ret -1) && i < 4; i++){
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
if (idad != NULL) DetectIsdataatFree(idad); if (idad != NULL)
DetectIsdataatFree(idad);
return NULL; return NULL;
} }

11
src/detect-itype.c
Unescape Escape View File

@ -197,15 +197,18 @@ DetectITypeData *DetectITypeParse(char *itypestr) {
} }
for (i = 0; i < (ret-1); i++) { for (i = 0; i < (ret-1); i++) {
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
return itd; return itd;
error: error:
for (i = 0; i < (ret-1); i++) { for (i = 0; i < (ret-1) && i < 4; i++) {
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
if (itd != NULL) DetectITypeFree(itd); if (itd != NULL)
DetectITypeFree(itd);
return NULL; return NULL;
} }

12
src/detect-rpc.c
Unescape Escape View File

@ -171,6 +171,7 @@ DetectRpcData *DetectRpcParse (char *rpcstr)
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, rpcstr); SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, rpcstr);
goto error; goto error;
} }
if (ret > 1) { if (ret > 1) {
const char *str_ptr; const char *str_ptr;
res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); res = pcre_get_substring((char *)rpcstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
@ -242,15 +243,18 @@ DetectRpcData *DetectRpcParse (char *rpcstr)
} }
} }
for (i = 0; i < (ret -1); i++){ for (i = 0; i < (ret -1); i++){
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
return rd; return rd;
error: error:
for (i = 0; i < (ret -1); i++){ for (i = 0; i < (ret -1) && i < 4; i++){
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
if (rd != NULL) DetectRpcFree(rd); if (rd != NULL)
DetectRpcFree(rd);
return NULL; return NULL;
} }

12
src/detect-window.c
Unescape Escape View File

@ -142,7 +142,6 @@ DetectWindowData *DetectWindowParse(char *windowstr) {
if (wd == NULL) if (wd == NULL)
goto error; goto error;
if (ret > 1) { if (ret > 1) {
const char *str_ptr; const char *str_ptr;
res = pcre_get_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 1, &str_ptr); res = pcre_get_substring((char *)windowstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
@ -173,15 +172,18 @@ DetectWindowData *DetectWindowParse(char *windowstr) {
int i = 0; int i = 0;
for (i = 0; i < (ret -1); i++){ for (i = 0; i < (ret -1); i++){
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
return wd; return wd;
error: error:
for (i = 0; i < (ret -1); i++){ for (i = 0; i < (ret -1) && i < 4; i++){
if (args[i] != NULL) SCFree(args[i]); if (args[i] != NULL)
SCFree(args[i]);
} }
if (wd != NULL) DetectWindowFree(wd); if (wd != NULL)
DetectWindowFree(wd);
return NULL; return NULL;
} }

6
src/detect.c
Unescape Escape View File

@ -5512,7 +5512,7 @@ static int SigTest20Wm (void) {
static int SigTest21Real (int mpm_type) { static int SigTest21Real (int mpm_type) {
ThreadVars th_v; ThreadVars th_v;
memset(&th_v, 0, sizeof(th_v)); memset(&th_v, 0, sizeof(th_v));
DetectEngineThreadCtx *det_ctx; DetectEngineThreadCtx *det_ctx = NULL;
int result = 0; int result = 0;
Flow f; Flow f;
@ -5572,10 +5572,14 @@ static int SigTest21Real (int mpm_type) {
result = 1; result = 1;
end: end:
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx); SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx); SigCleanSignatures(de_ctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
}
DetectEngineCtxFree(de_ctx); DetectEngineCtxFree(de_ctx);
UTHFreePackets(&p1, 1); UTHFreePackets(&p1, 1);
UTHFreePackets(&p2, 1); UTHFreePackets(&p2, 1);

Write Preview
Loading…
Cancel
Save