From: Bohdan Hryniv -X (bhryniv - SOFTSERVE INC at Cisco) Date: Thu, 14 Aug 2025 22:20:31 +0000 (+0000) Subject: Pull request #4864: control: fix heap-use-after-free in is_local X-Git-Tag: 3.9.5.0~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=54ba0ba7ee4eacf45e8e9d3727b5657d4d91fac4;p=thirdparty%2Fsnort3.git Pull request #4864: control: fix heap-use-after-free in is_local Merge in SNORT/snort3 from ~BHRYNIV/snort3:fix_asan_ctrlcon to master Squashed commit of the following: commit 1dd64671ac9c82c79988c4e9798b360a33b1e1de Author: Bohdan Hryniv Date: Mon Aug 11 10:18:40 2025 -0400 control: fix heap-use-after-free in is_local --- diff --git a/src/main.cc b/src/main.cc index 252d563e7..f050f5a9c 100644 --- a/src/main.cc +++ b/src/main.cc @@ -312,11 +312,15 @@ static AnalyzerCommand* get_command(AnalyzerCommand* ac, ControlConn* ctrlcon) #ifndef SHELL UNUSED(ctrlcon); #else + // If broadcast doesn't provide ControlConn but inner command has one, + // use the inner command's ControlConn for wrapping + if (!ctrlcon && ac->ctrlcon) + ctrlcon = ac->ctrlcon; + if (ctrlcon) - return ( new ACShellCmd(ctrlcon, ac) ); - else + return new ACShellCmd(ctrlcon, ac); #endif - return ac; + return ac; } static void send_response(ControlConn* ctrlcon, const char* response) @@ -865,7 +869,7 @@ int main_help(lua_State* L) ++cmd; } } - + send_response(ctrlcon, "\nModule Commands:\n"); for (const auto& str : prefix_cmds) send_response(ctrlcon, str.c_str()); @@ -873,7 +877,7 @@ int main_help(lua_State* L) send_response(ctrlcon, "\nTop Level Commands:\n"); for (const auto& str : no_prefix_cmds) send_response(ctrlcon, str.c_str()); - + return 0; } @@ -1215,7 +1219,7 @@ static void main_loop() } pthreads_started = pigs_started_count && num_threads <= pigs_started_count + pigs_failed; - + if (pthreads_started) { #ifdef REG_TEST @@ -1326,4 +1330,3 @@ int main(int argc, char* argv[]) return main_exit_code; } -