Pull request #4754: build: address coverity warnings

Merge in SNORT/snort3 from ~OFATIEIE/snort3:ips_rule_engine_coverity_fix to master

Squashed commit of the following:

commit ea1a4897fd80585fc6ebf9b2c163f87f433ef39f
Author: Oleksandr Fatieiev <ofatieie@cisco.com>
Date:   Tue May 20 17:55:38 2025 +0300

    build: address coverity warnings

diff --git a/src/ips_options/ips_byte_extract.cc b/src/ips_options/ips_byte_extract.cc
index 8f13e43e9806f1878f0effbf6c715084a0f3704c..294eab20d8fe090381c322c33c68a5f061209a46 100644 (file)
--- a/src/ips_options/ips_byte_extract.cc
+++ b/src/ips_options/ips_byte_extract.cc
@@ -155,7 +155,9 @@ IpsOption::EvalStatus ByteExtractOption::eval(Cursor& c, Packet* p)
 
     SetVarValueByIndex(value, config.var_number);
 
-    c.add_pos(config.offset + bytes_read);
+    auto result = c.add_pos(config.offset + bytes_read);
+    assert(result);
+    UNUSED(result);
 
     return MATCH;
 }

diff --git a/src/ips_options/ips_byte_math.cc b/src/ips_options/ips_byte_math.cc
index f0c86a76569cd949ffe79af246cb85bd7ff3bab6..9bd18cffb089d7849eecfda0fdac8ec830f275d6 100644 (file)
--- a/src/ips_options/ips_byte_math.cc
+++ b/src/ips_options/ips_byte_math.cc
@@ -244,6 +244,7 @@ int ByteMathOption::calc(uint32_t& value, const uint32_t rvalue)
             break;
         }
     case BM_DIVIDE:
+        assert(rvalue != 0);
         value /= rvalue;
         break;
 

diff --git a/src/ips_options/ips_pcre.cc b/src/ips_options/ips_pcre.cc
index 3ad33ebb56324e633065ddd2e6d55305d1960b5b..95d9507cd0fb4e1b89786695b2a281a88ff89708 100644 (file)
--- a/src/ips_options/ips_pcre.cc
+++ b/src/ips_options/ips_pcre.cc
@@ -268,6 +268,7 @@ static void pcre_parse(const SnortConfig* sc, const char* data, PcreData* pcre_d
 
         default:
             ParseError("unknown/extra pcre option encountered");
+            snort_free(free_me);
             return;
         }
         opts++;

diff --git a/src/managers/so_manager.cc b/src/managers/so_manager.cc
index e97ce036e7ebda5cb6af742c654202cb3c638e9b..d55b72d59ddd89fad6508749442566eafe9fb66a 100644 (file)
--- a/src/managers/so_manager.cc
+++ b/src/managers/so_manager.cc
@@ -31,13 +31,16 @@
 #include <iomanip>
 #include <iostream>
 #include <sstream>
+#include <random>
 
 #include "log/messages.h"
 #include "framework/decode_data.h"
 #include "framework/inspector.h"
 #include "framework/module.h"
 #include "main/snort_config.h"
+#include "main/snort_types.h"
 #include "parser/parse_so_rule.h"
+#include "utils/util.h"
 
 using namespace snort;
 using namespace std;
@@ -156,12 +159,13 @@ static void strvrt(const string& text, string& data)
 
     data.assign((const char*)d, len);
 
-    // generate xor key.  there is no hard core crypto requirement here but
-    // rand() is known to be weak, especially in the lower bits nonetheless
-    // this seems to work as good as the basic C++ 11 default generator and
-    // uniform distribution
+    static auto seed = get_random_seed();
 
-    uint8_t key = (uint8_t)(rand() >> 16);
+    assert(in_main_thread());
+    static std::mt19937 generator(seed + get_instance_id() + get_thread_type());
+    std::uniform_int_distribution<uint8_t> dist(0, UINT8_MAX);
+
+    uint8_t key = dist(generator);
 
     if ( !key )
         key = 0xA5;