Bill Parker created BIT-1416:
--------------------------------

Summary: Lack of Sanity Checking in file nfcollector.c in Bro-2.3.2
Key: BIT-1416
URL: https://bro-tracker.atlassian.net/browse/BIT-1416
Project: Bro Issue Tracker
Issue Type: Patch
Components: bro-aux
Affects Versions: 2.3
Environment: Unix/Linux/Windows/All (OS)
Reporter: Bill Parker
Attachments: nfcollector.c.patch

Hello All,

In reviewing code in Bro-2.3.2, file 'nfcollector.c', in directory 'aux/bro-aux/nftools', I found a call to malloc() without a check for a return value of NULL, indicating failure. The patch file below should correct/address this issue:

--- nfcollector.c.orig 2015-06-05 13:13:50.404241937 -0700 +++ nfcollector.c 2015-06-05 13:16:10.305022607 -0700 @@ -41,6 +41,10 @@ switch (opt) { case 'o': outfile = malloc (strlen(optarg) + 1); + if (outfile == NULL) { + fprintf(stderr, " Unable to allocate memory for output file I/O, exiting...\n"); + pleave(1, "Out of Memory"); + } strcpy (outfile, optarg); break; case 'p':

I am attaching the patch file to this bug report

Bill Parker (wp02855 at gmail dot com)
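
Review bot: In the new "if (outfile == NULL)" branch under case 'o', the fix only holds if pleave() never returns, because the strcpy (outfile, optarg) directly after the block would otherwise still run with a NULL destination. That is not visible in this hunk, so confirm that pleave() exits or add an explicit exit after the call. The fprintf text has a stray leading space and says "output file I/O" although the allocation is for a copy of the output file name taken from optarg, and it may duplicate whatever pleave() reports for "Out of Memory". Replacing the malloc/strcpy pair with outfile = strdup(optarg); followed by the same NULL check would also remove the hand-computed length.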