src: remove multiple uses of atoi

atoi() and related functions lack a mechanism for reporting errors for
invalid values. Replace them with calls to the appropriate
ByteExtractString* functions.

Partially closes redmine ticket #3053.
pull/4878/head
Shivani Bhardwaj 6 years ago committed by Victor Julien
parent 92bb52f430
commit e7c0f0ad91

@ -45,6 +45,7 @@
#include "util-pool.h" #include "util-pool.h"
#include "util-radix-tree.h" #include "util-radix-tree.h"
#include "util-file.h" #include "util-file.h"
#include "util-byte.h"
#include "stream-tcp-private.h" #include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h" #include "stream-tcp-reassemble.h"
@ -2794,11 +2795,12 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
cfg_prec->randomize = ConfValIsTrue(p->val); cfg_prec->randomize = ConfValIsTrue(p->val);
} }
} else if (strcasecmp("randomize-inspection-range", p->name) == 0) { } else if (strcasecmp("randomize-inspection-range", p->name) == 0) {
uint32_t range = atoi(p->val); uint32_t range;
if (range > 100) { if (StringParseU32RangeCheck(&range, 10, 0,
SCLogError(SC_ERR_SIZE_PARSE, "Invalid value for randomize" (const char *)p->val, 0, 100) < 0) {
" inspection range setting from conf file - %s." SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for randomize"
" It should be inferior to 100." "-inspection-range setting from conf file - \"%s\"."
" It should be a valid integer less than or equal to 100."
" Killing engine", " Killing engine",
p->val); p->val);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);

@ -33,6 +33,7 @@
#include "util-time.h" #include "util-time.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-debug.h" #include "util-debug.h"
#include "util-byte.h"
#include "util-privs.h" #include "util-privs.h"
#include "util-signal.h" #include "util-signal.h"
#include "unix-manager.h" #include "unix-manager.h"
@ -251,7 +252,12 @@ static void StatsInitCtxPreOutput(void)
const char *interval = ConfNodeLookupChildValue(stats, "interval"); const char *interval = ConfNodeLookupChildValue(stats, "interval");
if (interval != NULL) if (interval != NULL)
stats_tts = (uint32_t) atoi(interval); if (StringParseUint32(&stats_tts, 10, 0, interval) < 0) {
SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for "
"interval: \"%s\". Resetting to %d.", interval,
STATS_MGMTT_TTS);
stats_tts = STATS_MGMTT_TTS;
}
int b; int b;
int ret = ConfGetChildValueBool(stats, "decoder-events", &b); int ret = ConfGetChildValueBool(stats, "decoder-events", &b);
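Review bot: The outer `if (interval != NULL)` in StatsInitCtxPreOutput still has no braces, although its body is now a six-line nested `if` with its own block. Bracing it, `if (interval != NULL) {` ... `}`, keeps a later edit from attaching a statement to the wrong condition. The function starts and ends outside the hunk.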

@ -44,6 +44,7 @@
#include "detect-engine-port.h" #include "detect-engine-port.h"
#include "util-debug.h" #include "util-debug.h"
#include "util-byte.h"
#include "util-print.h" #include "util-print.h"
#include "util-var.h" #include "util-var.h"
@ -483,10 +484,9 @@ static int DetectAddressParseString(DetectAddress *dd, const char *str)
goto error; goto error;
} }
int cidr = atoi(mask); int cidr;
if (cidr < 0 || cidr > 32) if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
goto error; goto error;
netmask = CIDRGet(cidr); netmask = CIDRGet(cidr);
} else { } else {
/* 1.2.3.4/255.255.255.0 format */ /* 1.2.3.4/255.255.255.0 format */
@ -543,9 +543,9 @@ static int DetectAddressParseString(DetectAddress *dd, const char *str)
ip[mask - ip] = '\0'; ip[mask - ip] = '\0';
mask++; mask++;
int cidr = atoi(mask); int cidr;
if (cidr < 0 || cidr > 128) if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0)
goto error; goto error;
r = inet_pton(AF_INET6, ip, &in6); r = inet_pton(AF_INET6, ip, &in6);
if (r <= 0) if (r <= 0)

@ -53,6 +53,7 @@
#include "util-unittest.h" #include "util-unittest.h"
#include "util-unittest-helper.h" #include "util-unittest-helper.h"
#include "util-print.h" #include "util-print.h"
#include "util-byte.h"
#include "util-profiling.h" #include "util-profiling.h"
#include "util-validate.h" #include "util-validate.h"
@ -165,8 +166,8 @@ static int IPOnlyCIDRItemParseSingle(IPOnlyCIDRItem *dd, const char *str)
goto error; goto error;
} }
int cidr = atoi(mask); int cidr;
if (cidr < 0 || cidr > 32) if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0)
goto error; goto error;
dd->netmask = cidr; dd->netmask = cidr;
@ -263,7 +264,10 @@ static int IPOnlyCIDRItemParseSingle(IPOnlyCIDRItem *dd, const char *str)
goto error; goto error;
/* Format is cidr val */ /* Format is cidr val */
dd->netmask = atoi(mask); if (StringParseU8RangeCheck(&dd->netmask, 10, 0,
(const char *)mask, 0, 128) < 0) {
goto error;
}
memcpy(dd->ip, &in6.s6_addr, sizeof(ip6addr)); memcpy(dd->ip, &in6.s6_addr, sizeof(ip6addr));
} else { } else {

@ -2307,7 +2307,15 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
} }
if (insp_recursion_limit != NULL) { if (insp_recursion_limit != NULL) {
de_ctx->inspection_recursion_limit = atoi(insp_recursion_limit); if (StringParseInt32(&de_ctx->inspection_recursion_limit, 10,
0, (const char *)insp_recursion_limit) < 0) {
SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for "
"detect-engine.inspection-recursion-limit: %s "
"resetting to %d", insp_recursion_limit,
DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT);
de_ctx->inspection_recursion_limit =
DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT;
}
} else { } else {
de_ctx->inspection_recursion_limit = de_ctx->inspection_recursion_limit =
DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT; DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT;
@ -4299,7 +4307,7 @@ static int DetectEngineTest02(void)
if (de_ctx == NULL) if (de_ctx == NULL)
goto end; goto end;
result = (de_ctx->inspection_recursion_limit == -1); result = (de_ctx->inspection_recursion_limit == DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT);
end: end:
if (de_ctx != NULL) if (de_ctx != NULL)
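Review bot: The changed assertion in DetectEngineTest02 (from `== -1` to `== DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT`) indicates that the value the test configures now ends at the default rather than at -1, a user-visible behaviour change the commit message does not mention. The test's configuration is outside the hunk, so this is inferred; if it holds, it deserves a comment above the `StringParseInt32` call in DetectEngineCtxLoadConf, e.g. `/* unparsable values fall back to the default limit */`. `StringParseInt32` presumably still accepts negative numbers, and whether any negative limit is meaningful is not visible here; a range check would state the accepted values explicitly.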

@ -38,6 +38,7 @@
#include "flow-var.h" #include "flow-var.h"
#include "util-debug.h" #include "util-debug.h"
#include "util-byte.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-unittest-helper.h" #include "util-unittest-helper.h"
@ -150,12 +151,9 @@ static DetectIdData *DetectIdParse (const char *idstr)
} }
/* ok, fill the id data */ /* ok, fill the id data */
temp = atoi((char *)tmp_str); if (StringParseU32RangeCheck(&temp, 10, 0, (const char *)tmp_str,
DETECT_IPID_MIN, DETECT_IPID_MAX) < 0) {
if (temp > DETECT_IPID_MAX) { SCLogError(SC_ERR_INVALID_VALUE, "invalid id option '%s'", tmp_str);
SCLogError(SC_ERR_INVALID_VALUE, "invalid id option '%s'. The id option "
"value must be in the range %u - %u",
idstr, DETECT_IPID_MIN, DETECT_IPID_MAX);
return NULL; return NULL;
} }
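Review bot: The new error message in DetectIdParse drops the valid range that the removed message reported, so a rule author with an out-of-range id no longer sees what is accepted. Keeping it costs nothing: `SCLogError(SC_ERR_INVALID_VALUE, "invalid id option '%s'. The id option value must be in the range %u - %u", tmp_str, DETECT_IPID_MIN, DETECT_IPID_MAX);`. `temp` is declared outside the hunk; it has to be a `uint32_t` for `StringParseU32RangeCheck(&temp, ...)` to be type-correct.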

@ -32,6 +32,7 @@
#include "detect-xbits.h" #include "detect-xbits.h"
#include "detect-hostbits.h" #include "detect-hostbits.h"
#include "util-spm.h" #include "util-spm.h"
#include "util-byte.h"
#include "detect-engine-sigorder.h" #include "detect-engine-sigorder.h"
@ -196,7 +197,7 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx,
char fb_cmd_str[16] = "", fb_name[256] = ""; char fb_cmd_str[16] = "", fb_name[256] = "";
char hb_dir_str[16] = ""; char hb_dir_str[16] = "";
enum VarTypes var_type = VAR_TYPE_NOT_SET; enum VarTypes var_type = VAR_TYPE_NOT_SET;
int expire = DETECT_XBITS_EXPIRE_DEFAULT; uint32_t expire = DETECT_XBITS_EXPIRE_DEFAULT;
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 2 && ret != 3 && ret != 4 && ret != 5) { if (ret != 2 && ret != 3 && ret != 4 && ret != 5) {
@ -247,10 +248,9 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx,
return -1; return -1;
} }
SCLogDebug("expire_str %s", expire_str); SCLogDebug("expire_str %s", expire_str);
expire = atoi(expire_str); if (StringParseUint32(&expire, 10, 0, (const char *)expire_str) < 0) {
if (expire < 0) { SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for "
SCLogError(SC_ERR_INVALID_VALUE, "expire must be positive. " "expire: \"%s\"", expire_str);
"Got %d (\"%s\")", expire, expire_str);
return -1; return -1;
} }
if (expire == 0) { if (expire == 0) {
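Review bot: Rejection of a negative expire in DetectXbitParse now rests entirely on how `StringParseUint32` treats a leading minus sign, because the explicit `expire < 0` check is gone and `expire` is unsigned. That behaviour is defined outside this diff, so a unit test feeding a negative expire value would pin it down. The message also lost the hint that the value must be positive; `"expire must be a positive integer, got \"%s\""` would keep it. The function continues past the hunk.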

@ -28,6 +28,7 @@
#include "suricata-common.h" #include "suricata-common.h"
#include "util-error.h" #include "util-error.h"
#include "util-debug.h" #include "util-debug.h"
#include "util-byte.h"
#include "util-ip.h" #include "util-ip.h"
#include "util-radix-tree.h" #include "util-radix-tree.h"
#include "util-unittest.h" #include "util-unittest.h"
@ -251,10 +252,9 @@ static int SRepCatSplitLine(char *line, uint8_t *cat, char *shortname, size_t sh
SCLogDebug("%s, %s", ptrs[0], ptrs[1]); SCLogDebug("%s, %s", ptrs[0], ptrs[1]);
int c = atoi(ptrs[0]); int c;
if (c < 0 || c >= SREP_MAX_CATS) { if (StringParseI32RangeCheck(&c, 10, 0, (const char *)ptrs[0], 0, SREP_MAX_CATS - 1) < 0)
return -1; return -1;
}
*cat = (uint8_t)c; *cat = (uint8_t)c;
strlcpy(shortname, ptrs[1], shortname_len); strlcpy(shortname, ptrs[1], shortname_len);
@ -305,15 +305,12 @@ static int SRepSplitLine(SRepCIDRTree *cidr_ctx, char *line, Address *ip, uint8_
if (strcmp(ptrs[0], "ip") == 0) if (strcmp(ptrs[0], "ip") == 0)
return 1; return 1;
int c = atoi(ptrs[1]); int c, v;
if (c < 0 || c >= SREP_MAX_CATS) { if (StringParseI32RangeCheck(&c, 10, 0, (const char *)ptrs[1], 0, SREP_MAX_CATS - 1) < 0)
return -1; return -1;
}
int v = atoi(ptrs[2]); if (StringParseI32RangeCheck(&v, 10, 0, (const char *)ptrs[2], 0, SREP_MAX_VAL) < 0)
if (v < 0 || v > SREP_MAX_VAL) {
return -1; return -1;
}
if (strchr(ptrs[0], '/') != NULL) { if (strchr(ptrs[0], '/') != NULL) {
SRepCIDRAddNetblock(cidr_ctx, ptrs[0], c, v); SRepCIDRAddNetblock(cidr_ctx, ptrs[0], c, v);
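Review bot: In SRepCatSplitLine and SRepSplitLine a category or value field that fails to parse now makes the function `return -1` with no log line, and the strict parser presumably rejects inputs that `atoi` tolerated, such as digits followed by stray characters. For a reputation file that can change which entries are loaded, so the operator should be told which field was refused, e.g. `SCLogError(SC_ERR_INVALID_VALUE, "invalid reputation category \"%s\"", ptrs[1]);` before the return, unless the caller already reports it (not visible here). The brace-less `if` lines are also much longer than the other lines in these hunks and would read better wrapped and braced.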

@ -54,6 +54,7 @@
#include "util-runmodes.h" #include "util-runmodes.h"
#include "util-ioctl.h" #include "util-ioctl.h"
#include "util-ebpf.h" #include "util-ebpf.h"
#include "util-byte.h"
#include "source-af-packet.h" #include "source-af-packet.h"
@ -194,7 +195,11 @@ static void *ParseAFPConfig(const char *iface)
if (strcmp(threadsstr, "auto") == 0) { if (strcmp(threadsstr, "auto") == 0) {
aconf->threads = 0; aconf->threads = 0;
} else { } else {
aconf->threads = atoi(threadsstr); if (StringParseInt32(&aconf->threads, 10, 0, (const char *)threadsstr) < 0) {
SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid number of "
"threads, resetting to default");
aconf->threads = 0;
}
} }
} }
} }
@ -289,7 +294,10 @@ static void *ParseAFPConfig(const char *iface)
if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-id", &tmpclusterid) != 1) { if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-id", &tmpclusterid) != 1) {
aconf->cluster_id = (uint16_t)(cluster_id_auto++); aconf->cluster_id = (uint16_t)(cluster_id_auto++);
} else { } else {
aconf->cluster_id = (uint16_t)atoi(tmpclusterid); if (StringParseInt32(&aconf->cluster_id, 10, 0, (const char *)tmpclusterid) < 0) {
SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid cluster_id, resetting to 0");
aconf->cluster_id = 0;
}
SCLogDebug("Going to use cluster-id %" PRId32, aconf->cluster_id); SCLogDebug("Going to use cluster-id %" PRId32, aconf->cluster_id);
} }
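Review bot: `StringParseInt32` accepts negative numbers, so in ParseAFPConfig a negative `threads` or `cluster-id` passes the new check; the same holds for `aconf->threads` in ParsePcapConfig, where the following test is only `aconf->threads == 0`. The removed line cast cluster-id to `uint16_t`, and the pfring hunks of this commit use `StringParseUint16` for the same setting, so the 16-bit unsigned parser looks like the consistent choice if the field's declared type (not visible) allows it. If the fields must stay `int`, a range check such as `StringParseI32RangeCheck(&aconf->threads, 10, 0, threadsstr, 0, <max threads>)` would close the gap. The threads warning should also name the rejected value, as the netmap and pcap messages do.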

@ -30,6 +30,7 @@
#include "util-debug.h" #include "util-debug.h"
#include "util-time.h" #include "util-time.h"
#include "util-cpu.h" #include "util-cpu.h"
#include "util-byte.h"
#include "util-affinity.h" #include "util-affinity.h"
#include "util-runmodes.h" #include "util-runmodes.h"
#include "util-device.h" #include "util-device.h"
@ -195,8 +196,12 @@ static void *NapatechConfigParser(const char *device)
return NULL; return NULL;
} }
/* device+5 is a pointer to the beginning of the stream id after the constant nt portion */ /* device+2 is a pointer to the beginning of the stream id after the constant nt portion */
conf->stream_id = atoi(device + 2); if (StringParseUint16(&conf->stream_id, 10, 0, device + 2) < 0) {
SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for stream_id: %s", device + 2);
SCFree(conf);
return NULL;
}
/* Set the host buffer allowance for this stream /* Set the host buffer allowance for this stream
* Right now we just look at the global default - there is no per-stream hba configuration * Right now we just look at the global default - there is no per-stream hba configuration

@ -51,6 +51,7 @@
#include "util-device.h" #include "util-device.h"
#include "util-runmodes.h" #include "util-runmodes.h"
#include "util-ioctl.h" #include "util-ioctl.h"
#include "util-byte.h"
#include "source-netmap.h" #include "source-netmap.h"
@ -148,7 +149,11 @@ static int ParseNetmapSettings(NetmapIfaceSettings *ns, const char *iface,
ns->threads = 0; ns->threads = 0;
ns->threads_auto = true; ns->threads_auto = true;
} else { } else {
ns->threads = atoi(threadsstr); if (StringParseUint16(&ns->threads, 10, 0, threadsstr) < 0) {
SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid config value for "
"threads: %s, resetting to 0", threadsstr);
ns->threads = 0;
}
} }
} }

@ -31,6 +31,7 @@
#include "util-runmodes.h" #include "util-runmodes.h"
#include "util-atomic.h" #include "util-atomic.h"
#include "util-misc.h" #include "util-misc.h"
#include "util-byte.h"
const char *RunModeIdsGetDefaultMode(void) const char *RunModeIdsGetDefaultMode(void)
{ {
@ -144,7 +145,11 @@ static void *ParsePcapConfig(const char *iface)
aconf->threads = 1; aconf->threads = 1;
} else { } else {
if (threadsstr != NULL) { if (threadsstr != NULL) {
aconf->threads = atoi(threadsstr); if (StringParseInt32(&aconf->threads, 10, 0, (const char *)threadsstr) < 0) {
SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for "
"pcap.threads: %s, resetting to 1", threadsstr);
aconf->threads = 1;
}
} }
} }
if (aconf->threads == 0) { if (aconf->threads == 0) {

@ -30,6 +30,7 @@
#include "util-runmodes.h" #include "util-runmodes.h"
#include "util-device.h" #include "util-device.h"
#include "util-ioctl.h" #include "util-ioctl.h"
#include "util-byte.h"
#ifdef HAVE_PFRING #ifdef HAVE_PFRING
#include <pfring.h> #include <pfring.h>
@ -123,7 +124,11 @@ static void *OldParsePfringConfig(const char *iface)
pfconf->threads = 1; pfconf->threads = 1;
} else { } else {
if (threadsstr != NULL) { if (threadsstr != NULL) {
pfconf->threads = atoi(threadsstr); if (StringParseUint16(&pfconf->threads, 10, 0, threadsstr) < 0) {
SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for "
"pfring.threads: '%s'. Resetting to 1.", threadsstr);
pfconf->threads = 1;
}
} }
} }
if (pfconf->threads == 0) { if (pfconf->threads == 0) {
@ -141,7 +146,11 @@ static void *OldParsePfringConfig(const char *iface)
} else if (ConfGet("pfring.cluster-id", &tmpclusterid) != 1) { } else if (ConfGet("pfring.cluster-id", &tmpclusterid) != 1) {
SCLogError(SC_ERR_INVALID_ARGUMENT,"Could not get cluster-id from config"); SCLogError(SC_ERR_INVALID_ARGUMENT,"Could not get cluster-id from config");
} else { } else {
pfconf->cluster_id = (uint16_t)atoi(tmpclusterid); if (StringParseUint16(&pfconf->cluster_id, 10, 0, (const char *)tmpclusterid) < 0) {
SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for "
"pfring.cluster_id: '%s'. Resetting to 1.", tmpclusterid);
pfconf->cluster_id = 1;
}
pfconf->flags |= PFRING_CONF_FLAGS_CLUSTER; pfconf->flags |= PFRING_CONF_FLAGS_CLUSTER;
SCLogDebug("Going to use cluster-id %" PRId32, pfconf->cluster_id); SCLogDebug("Going to use cluster-id %" PRId32, pfconf->cluster_id);
} }
@ -255,7 +264,11 @@ static void *ParsePfringConfig(const char *iface)
} }
} }
} else { } else {
pfconf->threads = atoi(threadsstr); if (StringParseUint16(&pfconf->threads, 10, 0, (const char *)threadsstr) < 0) {
SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for "
"pfring.threads: '%s'. Resetting to 1.", threadsstr);
pfconf->threads = 1;
}
} }
} }
if (pfconf->threads <= 0) { if (pfconf->threads <= 0) {
@ -267,7 +280,11 @@ static void *ParsePfringConfig(const char *iface)
/* command line value has precedence */ /* command line value has precedence */
if (ConfGet("pfring.cluster-id", &tmpclusterid) == 1) { if (ConfGet("pfring.cluster-id", &tmpclusterid) == 1) {
pfconf->cluster_id = (uint16_t)atoi(tmpclusterid); if (StringParseUint16(&pfconf->cluster_id, 10, 0, (const char *)tmpclusterid) < 0) {
SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for "
"pfring.cluster-id: '%s'. Resetting to 1.", tmpclusterid);
pfconf->cluster_id = 1;
}
pfconf->flags |= PFRING_CONF_FLAGS_CLUSTER; pfconf->flags |= PFRING_CONF_FLAGS_CLUSTER;
SCLogDebug("Going to use command-line provided cluster-id %" PRId32, SCLogDebug("Going to use command-line provided cluster-id %" PRId32,
pfconf->cluster_id); pfconf->cluster_id);
@ -283,7 +300,11 @@ static void *ParsePfringConfig(const char *iface)
SCLogError(SC_ERR_INVALID_ARGUMENT, SCLogError(SC_ERR_INVALID_ARGUMENT,
"Could not get cluster-id from config"); "Could not get cluster-id from config");
} else { } else {
pfconf->cluster_id = (uint16_t)atoi(tmpclusterid); if (StringParseUint16(&pfconf->cluster_id, 10, 0, (const char *)tmpclusterid) < 0) {
SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for "
"pfring.cluster-id: '%s'. Resetting to 1.", tmpclusterid);
pfconf->cluster_id = 1;
}
pfconf->flags |= PFRING_CONF_FLAGS_CLUSTER; pfconf->flags |= PFRING_CONF_FLAGS_CLUSTER;
SCLogDebug("Going to use cluster-id %" PRId32, pfconf->cluster_id); SCLogDebug("Going to use cluster-id %" PRId32, pfconf->cluster_id);
} }
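Review bot: The warning in OldParsePfringConfig names the setting `pfring.cluster_id`, while the key read is `pfring.cluster-id` and the messages in ParsePfringConfig spell it with a hyphen; the string should be `"pfring.cluster-id: '%s'. Resetting to 1."`. In all three cluster-id branches an invalid value falls back to cluster 1 and `PFRING_CONF_FLAGS_CLUSTER` is still set, so a typo silently puts the capture in a cluster id the operator did not choose; consider treating it as a configuration error rather than a warning. The `pfconf->threads <= 0` test after the new `StringParseUint16` call can only mean `== 0` if the field is unsigned (its declaration is outside the diff).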

@ -48,7 +48,7 @@ typedef struct NetmapIfaceSettings_
bool ips; /**< set to true if checksum_mode != NETMAP_COPY_MODE_NONE */ bool ips; /**< set to true if checksum_mode != NETMAP_COPY_MODE_NONE */
bool threads_auto; bool threads_auto;
int threads; uint16_t threads;
int copy_mode; int copy_mode;
ChecksumValidationMode checksum_mode; ChecksumValidationMode checksum_mode;
const char *bpf_filter; const char *bpf_filter;
