Lack of Sanity Checking in file patricia.c in Bro-2.3.2

Description

Hello All,

In reviewing source code in Bro-2.3.2, I found several instances of missing sanity checks
for calls to calloc() in file 'patricia.c' in directory 'aux/broctl/aux/pysubnettree', where calls
to calloc() are not checked for a return value of NULL, indicating failure. The patch file below corrects/addresses these issues:

— patricia.c.orig 2015-06-05 13:25:12.749964570 -0700
+++ patricia.c 2015-06-05 13:36:05.432917217 -0700
@@ -265,7 +265,10 @@
//prefix4_t size incorrect on NT
prefix = calloc(1, sizeof (prefix_t));
#endif /* NT */
-
+ if (prefix == NULL) { /* we tried to allocate memory again, and failed... */
+ fprintf(stderr, "Unable to allocate memory for prefix...\n");
+ return (prefix); /* can we return NULL here? */
+ }
dynamic_allocated++;
}
memcpy (&prefix->add.sin, dest, 4);
@@ -396,6 +399,10 @@
New_Patricia (int maxbits)
{
patricia_tree_t *patricia = calloc(1, sizeof *patricia);
+ if (patricia == NULL) { /* oops, calloc() failed, now what? */
+ fprintf(stderr, "Unable to allocate memory in New_Patricia...\n");
+ return (patricia); /* can we return NULL here? */
+ }

patricia->maxbits = maxbits;
patricia->head = NULL;
@@ -665,6 +672,10 @@

if (patricia->head == NULL) {
node = calloc(1, sizeof *node);
+ if (node == NULL) { /* oops, memory allocation failed... */
+ fprintf(stderr, "Unable to allocate memory for patricia_lookup...\n");
+ return NULL; /* can we return NULL here??? */
+ }
node->bit = prefix->bitlen;
node->prefix = Ref_Prefix (prefix);
node->parent = NULL;
@@ -776,6 +787,11 @@
}

new_node = calloc(1, sizeof *new_node);
+ if (new_node == NULL) { /* oops, unable to allocate memory for new_node */
+ fprintf(stderr, "Unable to allocate memory for new_node in patricia_lookup...\n");
+ free(node);
+ return (NULL); /* can we return NULL here? */
+ }
new_node->bit = prefix->bitlen;
new_node->prefix = Ref_Prefix (prefix);
new_node->parent = NULL;
@@ -828,6 +844,12 @@
}
else {
glue = calloc(1, sizeof *glue);
+ if (glue == NULL) { /* oops, unable to allocate memory for glue... */
+ fprintf(stderr, "Unable to allocate memory for glue in patricia_lookup...\n");
+ free(new_node);
+ free(node);
+ return (glue); /* can we return NULL here? */
+ }
glue->bit = differ_bit;
glue->prefix = NULL;
glue->parent = node->parent;

Environment

Unix/Linux/Windows (lack of sanity checking)

Assignee

Unassigned

Reporter

Bill Parker

Labels

External issue ID

None

Components

Fix versions

Affects versions

Priority

Normal
Configure