Actions
Bug #7270
closedconf: nullptr dereference if mem alloc fails for a node in yaml parser
Affected Versions:
Effort:
low
Difficulty:
low
Label:
Beginner
Description
conf-yaml-loader.c:334 is instruction with allocation of new node, which could return nullptr in case of unsuccessful allocation and this could potentially lead to dereference of nullptr in some(pretty rare) cases
ConfNode *existing = ConfNodeLookupChild(parent, value);
if (existing != NULL) {
if (!existing->final) {
SCLogInfo("Configuration node '%s' redefined.", existing->name);
ConfNodePrune(existing);
}
node = existing;
} else {
node = ConfNodeNew(); <---- Allocation result is not checked
node->name = SCStrdup(value);
node->parent = parent;
Updated by Philippe Antoine 3 months ago
- Target version changed from TBD to 8.0.0-beta1
Updated by Juliana Fajardini Reichow 2 months ago
- Status changed from In Review to Resolved
Merged PR: https://github.com/OISF/suricata/pull/11847
Updated by Juliana Fajardini Reichow 2 months ago
- Status changed from Resolved to Closed
Updated by Juliana Fajardini Reichow 5 days ago
- Subject changed from yaml: Possible dereference of nullptr in case of unsuccess allocation of memory for node in yaml parser to conf: nullptr dereference if mem alloc fails for a node in yaml parser
Actions