Prevent possible segmentation violation/faults in Bro-2.3.2

Description

Hello All,

In reviewing calls to memset() in Bro-2.3.2, I came across a
pair of instances where memset could POSSIBLY be called with a
address area pointing to NULL, which would generate a segmentation
violation/fault during execution. The patch files below should
address these issues:

In directory 'bro-2.3.2/aux/broctl/aux/pysubnettree', file
'SubnetTree_wrap.cc':

— SubnetTree_wrap.cc.orig 2015-08-02 18:56:24.034212101 -0400
+++ SubnetTree_wrap.cc 2015-08-02 18:59:11.242212101 -0400
@@ -719,6 +719,8 @@
SWIG_UnpackDataName(const char *c, void *ptr, size_t sz, const char *name) {
if (*c != '_') {
if (strcmp(c,"NULL") == 0) {
+ if (ptr == NULL) /* on off chance that ptr is NULL, memset() */
+ return 0; /* will segment violation/fault, so return 0 */
memset(ptr,0,sz);
return name;
} else {

In directory 'bro-2.3.2/aux/broccoli/src', file 'bro.c':

— bro.c.orig 2015-08-02 19:04:00.161212101 -0400
+++ bro.c 2015-08-02 19:05:15.608212101 -0400
@@ -367,6 +367,9 @@
void
bro_ctx_init(BroCtx *ctx)
{
+ if (! ctx) /* paranoid, ctx must NOT be NULL */
+ return;
+
memset(ctx, 0, sizeof(BroCtx));
}

Comments, Questions, Suggestions, Complaints

I am attaching the patch file(s) to this bug report...

Bill Parker (wp02855 at gmail dot com)

Environment

Linux/Windows/BSD, etc

Assignee

Unassigned

Reporter

Bill Parker

External issue ID

None

Components

Affects versions

Priority

Normal
Configure