]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
Pull request #4070: src: fix coverity warnings
authorMaya Dagon (mdagon) <mdagon@cisco.com>
Fri, 27 Oct 2023 10:00:40 +0000 (10:00 +0000)
committerOleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
Fri, 27 Oct 2023 10:00:40 +0000 (10:00 +0000)
Merge in SNORT/snort3 from ~MDAGON/snort3:coverity to master

Squashed commit of the following:

commit 5085ae69eeeb397398e4e72704ab917a65c1c178
Author: maya dagon <mdagon@cisco.com>
Date:   Fri Oct 20 12:12:41 2023 -0400

    src: fix coverity warnings

src/actions/actions.cc
src/detection/fp_create.cc
src/main/snort_config.cc
src/service_inspectors/wizard/hexes.cc
src/stream/stream.cc
tools/snort2lua/helpers/converter.cc

index 9320e8a59265e9126492052625ecdfc70d67c4a2..64a129b31db052065027f448b78d4c97f4b45de5 100644 (file)
@@ -55,7 +55,7 @@ void Actions::alert(Packet* p, const OptTreeNode* otn)
     /* Call OptTreeNode specific output functions */
     if (otn->outputFuncs)
     {
-        ListHead lh;  // FIXIT-L use of ListHead for CallLogFuncs() is a little unwieldy here
+        ListHead lh = {};  // FIXIT-L use of ListHead for CallLogFuncs() is a little unwieldy here
         lh.LogList = otn->outputFuncs;
         CallLogFuncs(p, otn, &lh);
     }
index cca11ef039a30b2549080c52f5213f1a2d0d3d91..7cbccf92c6cdaa9dd11e4a1d81a03bf1b9a57b10 100644 (file)
@@ -245,7 +245,7 @@ static int otn_create_tree(OptTreeNode* otn, void** existing_tree, Mpse::MpseTyp
                 child->evaluate = opt_fp->OptTestFunc;
                 child->num_children++;
                 child->children = (detection_option_tree_node_t**)
-                    snort_calloc(child->num_children, sizeof(child->children));
+                    snort_calloc(child->num_children, sizeof(detection_option_tree_node_t*));
                 child->is_relative = opt_fp->isRelative;
 
                 bud->num_children++;
index 06fa37c82f2f893b61fb087aa07707aabcfeab41..1356653226a120fcb9ce4b9bd582dbb8dd959434 100644 (file)
@@ -852,7 +852,8 @@ void SnortConfig::set_tunnel_verdicts(const char* args)
 
         else
         {
-            ParseError("unknown tunnel bypass protocol");
+            ParseError("unknown tunnel bypass protocol %s", tok);
+            snort_free(tmp);
             return;
         }
 
index 8bee72b15acfe17727f6265a6c24696c2f46e78b..2201fd0b9a48329e721352f594a22f8264a70f10 100644 (file)
@@ -132,8 +132,7 @@ bool HexBook::add_spell(const char* key, const char*& val, ArcaneType proto)
 
         if ( c == WILD and p->any )
             p = p->any;
-
-        else if ( p->next[c] )
+        else if ( c != WILD and p->next[c] )
             p = p->next[c];
 
         else
index 434144d01ffb00171ae566a2c08df2e725fd1f44..19f67e2a75e953257e3ef8d083ecf95aaa2f9e96 100644 (file)
@@ -232,7 +232,8 @@ void Stream::check_flow_closed(Packet* p)
         if ( !(p->packet_flags & PKT_STATELESS) )
         {
             drop_traffic(p, SSN_DIR_BOTH);
-            p->active->set_drop_reason("stream");
+            if (p->active)
+                p->active->set_drop_reason("stream");
             if (PacketTracer::is_active())
                 PacketTracer::log("Stream: pending block, drop\n");
         }
index d2d5a42f272e4ce873104f52974c1fd175d73728..16a6e7ac44ad84b43cb079845247a83f1fbb7199 100644 (file)
@@ -235,7 +235,8 @@ int Converter::parse_file(
         std::size_t first_non_white_char = tmp.find_first_not_of(" \f\n\r\t\v");
         std::size_t last_non_space = tmp.find_last_not_of(' ');
 
-        bool comment = (tmp[first_non_white_char] == '#') or (tmp[first_non_white_char] == ';');
+        bool comment = (first_non_white_char != std::string::npos) and ((tmp[first_non_white_char] == '#') or
+            (tmp[first_non_white_char] == ';'));
         bool commented_rule = tmp.substr(0, 7) == "# alert";
 
         if ( !commented_rule && ((first_non_white_char == std::string::npos) || comment) )