Actions
Bug #7270
closedyaml: Possible dereference of nullptr in case of unsuccess allocation of memory for node in yaml parser
Affected Versions:
Effort:
low
Difficulty:
low
Label:
Beginner
Description
conf-yaml-loader.c:334 is instruction with allocation of new node, which could return nullptr in case of unsuccessful allocation and this could potentially lead to dereference of nullptr in some(pretty rare) cases
ConfNode *existing = ConfNodeLookupChild(parent, value);
if (existing != NULL) {
if (!existing->final) {
SCLogInfo("Configuration node '%s' redefined.", existing->name);
ConfNodePrune(existing);
}
node = existing;
} else {
node = ConfNodeNew(); <---- Allocation result is not checked
node->name = SCStrdup(value);
node->parent = parent;
Updated by Jason Ish about 2 months ago
- Status changed from New to In Review
Updated by Philippe Antoine about 2 months ago
- Target version changed from TBD to 8.0.0-beta1
Updated by OISF Ticketbot about 2 months ago
- Label deleted (
Needs backport to 7.0)
Updated by Juliana Fajardini Reichow about 1 month ago
- Status changed from In Review to Resolved
Merged PR: https://github.com/OISF/suricata/pull/11847
Updated by Juliana Fajardini Reichow about 1 month ago
- Status changed from Resolved to Closed
Actions