From 1d3afcea8071eed520a28710431960d164c2e186 Mon Sep 17 00:00:00 2001 From: "Oleksandr Fatieiev -X (ofatieie - SOFTSERVE INC at Cisco)" Date: Thu, 5 Jun 2025 14:48:53 +0000 Subject: [PATCH] Pull request #4754: build: address coverity warnings Merge in SNORT/snort3 from ~OFATIEIE/snort3:ips_rule_engine_coverity_fix to master Squashed commit of the following: commit ea1a4897fd80585fc6ebf9b2c163f87f433ef39f Author: Oleksandr Fatieiev Date: Tue May 20 17:55:38 2025 +0300 build: address coverity warnings --- src/ips_options/ips_byte_extract.cc | 4 +++- src/ips_options/ips_byte_math.cc | 1 + src/ips_options/ips_pcre.cc | 1 + src/managers/so_manager.cc | 14 +++++++++----- 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/src/ips_options/ips_byte_extract.cc b/src/ips_options/ips_byte_extract.cc index 8f13e43e9..294eab20d 100644 --- a/src/ips_options/ips_byte_extract.cc +++ b/src/ips_options/ips_byte_extract.cc @@ -155,7 +155,9 @@ IpsOption::EvalStatus ByteExtractOption::eval(Cursor& c, Packet* p) SetVarValueByIndex(value, config.var_number); - c.add_pos(config.offset + bytes_read); + auto result = c.add_pos(config.offset + bytes_read); + assert(result); + UNUSED(result); return MATCH; } diff --git a/src/ips_options/ips_byte_math.cc b/src/ips_options/ips_byte_math.cc index f0c86a765..9bd18cffb 100644 --- a/src/ips_options/ips_byte_math.cc +++ b/src/ips_options/ips_byte_math.cc @@ -244,6 +244,7 @@ int ByteMathOption::calc(uint32_t& value, const uint32_t rvalue) break; } case BM_DIVIDE: + assert(rvalue != 0); value /= rvalue; break; diff --git a/src/ips_options/ips_pcre.cc b/src/ips_options/ips_pcre.cc index 3ad33ebb5..95d9507cd 100644 --- a/src/ips_options/ips_pcre.cc +++ b/src/ips_options/ips_pcre.cc @@ -268,6 +268,7 @@ static void pcre_parse(const SnortConfig* sc, const char* data, PcreData* pcre_d default: ParseError("unknown/extra pcre option encountered"); + snort_free(free_me); return; } opts++; diff --git a/src/managers/so_manager.cc b/src/managers/so_manager.cc index e97ce036e..d55b72d59 100644 --- a/src/managers/so_manager.cc +++ b/src/managers/so_manager.cc @@ -31,13 +31,16 @@ #include #include #include +#include #include "log/messages.h" #include "framework/decode_data.h" #include "framework/inspector.h" #include "framework/module.h" #include "main/snort_config.h" +#include "main/snort_types.h" #include "parser/parse_so_rule.h" +#include "utils/util.h" using namespace snort; using namespace std; @@ -156,12 +159,13 @@ static void strvrt(const string& text, string& data) data.assign((const char*)d, len); - // generate xor key. there is no hard core crypto requirement here but - // rand() is known to be weak, especially in the lower bits nonetheless - // this seems to work as good as the basic C++ 11 default generator and - // uniform distribution + static auto seed = get_random_seed(); - uint8_t key = (uint8_t)(rand() >> 16); + assert(in_main_thread()); + static std::mt19937 generator(seed + get_instance_id() + get_thread_type()); + std::uniform_int_distribution dist(0, UINT8_MAX); + + uint8_t key = dist(generator); if ( !key ) key = 0xA5; -- 2.47.3