Project

General

Profile

Actions

Bug #1443

closed

deprecated library calls

Added by Bill Parker almost 9 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hello All,

In reviewing source code in Suricata-2.0.6, in directory
'libhtp/test', file 'test.c', I found an instance where a call
to malloc() is made, without a check for a return value of NULL
which indicates failure. The patch file below corrects this
issue:
--- test.c.orig 2015-04-07 13:16:31.699798616 -0700
+++ test.c      2015-04-07 13:18:43.828591506 -0700
@@ -120,6 +120,9 @@
     }

     test->buf = malloc(buf.st_size * clone_count + clone_count - 1);
+    if (test->buf == NULL) {
+       return -1;
+    }
     test->len = 0;
     test->pos = 0;

In directory 'src', file 'detect-dce-opnum.c', there are some instances
of the deprecated function call index(), which according to posix
standards, should be replaced by 'strchr()'.  The patch file below
corrects this issue:

--- detect-dce-opnum.c.orig     2015-04-07 13:23:46.631076145 -0700
+++ detect-dce-opnum.c  2015-04-07 13:24:29.036465652 -0700
@@ -171,7 +171,7 @@
      * once we are done using it */
     dup_str_head = dup_str;
     dup_str_temp = dup_str;
-    while ( (comma_token = index(dup_str, ',')) != NULL) {
+    while ( (comma_token = strchr(dup_str, ',')) != NULL) {
         comma_token[0] = '\0';
         dup_str = comma_token + 1;

@@ -179,7 +179,7 @@
         if (dor == NULL)
             goto error;

-        if ((hyphen_token = index(dup_str_temp, '-')) != NULL) {
+        if ((hyphen_token = strchr(dup_str_temp, '-')) != NULL) {
             hyphen_token[0] = '\0';
             hyphen_token++;
             dor->range1 = atoi(dup_str_temp);
@@ -210,7 +210,7 @@
     if (dor == NULL)
         goto error;

-    if ( (hyphen_token = index(dup_str, '-')) != NULL) {
+    if ( (hyphen_token = strchr(dup_str, '-')) != NULL) {
         hyphen_token[0] = '\0';
         hyphen_token++;
         dor->range1 = atoi(dup_str);

In directory 'src', file 'util-host-os-info.c', there are some instances
of the deprecated function call index(), which according to posix
standards, should be replaced by 'strchr()'.  The patch file below
corrects this issue:

--- util-host-os-info.c.orig    2015-04-07 13:28:20.720911554 -0700
+++ util-host-os-info.c 2015-04-07 13:29:07.043798955 -0700
@@ -160,19 +160,19 @@
     }

     /* check if we have more addresses in the host_os_ip_range */
-    if ((ip_str_rem = index(ip_str, ',')) != NULL) {
+    if ((ip_str_rem = strchr(ip_str, ',')) != NULL) {
         ip_str_rem[0] = '\0';
         ip_str_rem++;
         recursive = TRUE;
     }

     /* check if we have received a netblock */
-    if ( (netmask_str = index(ip_str, '/')) != NULL) {
+    if ( (netmask_str = strchr(ip_str, '/')) != NULL) {
         netmask_str[0] = '\0';
         netmask_str++;
     }

-    if (index(ip_str, ':') == NULL) {
+    if (strchr(ip_str, ':') == NULL) {
         /* if we are here, we have an IPV4 address */
         if ( (ipv4_addr = ValidateIPV4Address(ip_str)) == NULL) {
             SCLogError(SC_ERR_INVALID_IPV4_ADDR, "Invalid IPV4 address");
@@ -252,10 +252,10 @@
     struct in6_addr *ipv6_addr = NULL;
     void *user_data = NULL;

-    if (ip_addr_str == NULL || index(ip_addr_str, '/') != NULL)
+    if (ip_addr_str == NULL || strchr(ip_addr_str, '/') != NULL)
         return -1;

-    if (index(ip_addr_str, ':') != NULL) {
+    if (strchr(ip_addr_str, ':') != NULL) {
         if ( (ipv6_addr = ValidateIPV6Address(ip_addr_str)) == NULL) {
             SCLogError(SC_ERR_INVALID_IPV4_ADDR, "Invalid IPV4 address");
             return -1;
@@ -342,7 +342,7 @@
         ConfNode *host;
         TAILQ_FOREACH(host, &policy->head, next) {
             int is_ipv4 = 1;
-            if (index(host->val, ':') != NULL)
+            if (strchr(host->val, ':') != NULL)
                 is_ipv4 = 0;
             if (SCHInfoAddHostOSInfo(policy->name, host->val, is_ipv4) == -1) {
                 SCLogError(SC_ERR_INVALID_ARGUMENT,

In directory 'src', file 'util-radix-tree.c', there are some instances
of the deprecated function call bzero(), which according to posix
standards, should be replaced by 'memset()' (due to length of patch file
I'm not going to list the diff -u here).

I am attaching the patch file(s) to this bug report...

Bill Parker (wp02855 at gmail dot com)

Plenty, and you're welcome to help!

http://suricata-ids.org/participate/


Files

test.c.patch (290 Bytes) test.c.patch Patch File (diff -u) Bill Parker, 04/08/2015 12:13 PM
detect-dce-opnum.c.patch (1 KB) detect-dce-opnum.c.patch Patch File (diff -u) Bill Parker, 04/08/2015 12:14 PM
util-host-os-info.c.patch (1.78 KB) util-host-os-info.c.patch Patch File (diff -u) Bill Parker, 04/08/2015 12:14 PM
util-radix-tree.c.patch (67.6 KB) util-radix-tree.c.patch Patch File (diff -u) Bill Parker, 04/08/2015 12:14 PM
Actions #1

Updated by Victor Julien almost 9 years ago

  • Description updated (diff)
Actions #2

Updated by Victor Julien almost 9 years ago

  • Target version changed from 2.0.8 to 3.0RC2

Bill, could you submit git patches and generally review Contributing? Also, the libhtp patch belongs in the libhtp project: https://github.com/OISF/libhtp

Actions #3

Updated by Victor Julien over 8 years ago

  • Target version changed from 3.0RC2 to 70
Actions #4

Updated by Andreas Herz over 7 years ago

  • Assignee set to Bill Parker
Actions #5

Updated by Andreas Herz almost 5 years ago

How shall we proceed with this?

Actions #6

Updated by Victor Julien over 4 years ago

  • Status changed from New to Assigned
  • Assignee changed from Bill Parker to Victor Julien
Actions #7

Updated by Victor Julien over 4 years ago

  • Subject changed from Missing sanity check plus deprecated library calls in Suricata-2.0.x to deprecated library calls
Actions #8

Updated by Victor Julien over 4 years ago

  • Target version changed from 70 to 6.0.0beta1
Actions #9

Updated by Victor Julien over 4 years ago

  • Status changed from Assigned to Closed
  • Target version changed from 6.0.0beta1 to 5.0.0
Actions

Also available in: Atom PDF