Bug #8588
openredis: NULL dereference when allocating stream format
Description
In SCConfLogOpenRedis(), when Redis output is configured in stream/xadd mode with a positive stream-maxlen value, Suricata allocates redis_setup.stream_format and immediately passes it to snprintf().
Current code path:
src/util-log-redis.c:
- SCConfLogOpenRedis()
- redis mode is "stream" or "xadd"
- stream-maxlen is greater than 0
- log_ctx->redis_setup.stream_format = SCCalloc(100, sizeof(char))
- snprintf(log_ctx->redis_setup.stream_format, ...)
If SCCalloc() fails, stream_format is NULL and snprintf() dereferences it, causing a crash during Redis output initialization.
Nearby Redis initialization code already uses FatalError() for unrecoverable setup failures, for example when allocating the Redis context or validating required Redis configuration. This suggests the missing allocation check is an oversight.
Proposed fix:
Check redis_setup.stream_format after SCCalloc() and call FatalError() if allocation fails, before passing it to snprintf().
Patch branch:
https://github.com/kenifor/suricata/tree/fix-redis-stream-format-alloc
Pull request:
TBD
JF Updated by Juliana Fajardini Reichow 25 days ago
- Status changed from New to Assigned
- Assignee set to Denis Balashov
- Target version changed from TBD to 9.0.0-beta1
Hi, could you please submit a PR with your patch, so it's easier for us to review and test?
Thanks for creating this bug ticket, I've assigned the ticket to you.
DB Updated by Denis Balashov 10 days ago
Juliana Fajardini Reichow wrote in #note-1:
Hi, could you please submit a PR with your patch, so it's easier for us to review and test?
Thanks for creating this bug ticket, I've assigned the ticket to you.
PA Updated by Philippe Antoine 10 days ago
- Status changed from Assigned to In Review