Bug #3672: coverity: data directory handling issues - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #3672

closed

coverity: data directory handling issues

Added by Jeff Lucovsky over 5 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jeff Lucovsky

Target version:

5.0.3

Affected Versions:

Effort:

Difficulty:

Label:

Description

** CID 1460664:    (INTEGER_OVERFLOW)
/src/util-conf.c: 77 in ConfigSetDataDirectory()
/src/util-conf.c: 78 in ConfigSetDataDirectory()

________________________________________________________________________________________________________
*** CID 1460664:    (INTEGER_OVERFLOW)
/src/util-conf.c: 77 in ConfigSetDataDirectory()
71         if (strlen(name) == 0)
72             return TM_ECODE_OK;
73     
74         size_t size = strlen(name) + 1;
75         char tmp[size];
76         strlcpy(tmp, name, size);
>>>     CID 1460664:    (INTEGER_OVERFLOW)
>>>     Overflowed or truncated value (or a value computed from an overflowed or truncated value) "size - 2UL" used as array index.
77         if (tmp[size - 2] == '/')
78             tmp[size - 2] = '\0';
79     
80         return ConfSetFinal("default-data-dir", tmp) ? TM_ECODE_OK : TM_ECODE_FAILED;
81     }
82     
/src/util-conf.c: 78 in ConfigSetDataDirectory()
72             return TM_ECODE_OK;
73     
74         size_t size = strlen(name) + 1;
75         char tmp[size];
76         strlcpy(tmp, name, size);
77         if (tmp[size - 2] == '/')
>>>     CID 1460664:    (INTEGER_OVERFLOW)
>>>     Overflowed or truncated value (or a value computed from an overflowed or truncated value) "size - 2UL" used as array index.
78             tmp[size - 2] = '\0';
79     
80         return ConfSetFinal("default-data-dir", tmp) ? TM_ECODE_OK : TM_ECODE_FAILED;
81     }
82     
83     const char *ConfigGetDataDirectory()

Related issues 1 (0 open — 1 closed)