Merge pull request #2208 in SNORT/snort3 from ~MASHASAN/snort3:coverity_fixes to...

author Masud Hasan (mashasan) <mashasan@cisco.com>

Tue, 12 May 2020 20:29:23 +0000 (20:29 +0000)

committer Masud Hasan (mashasan) <mashasan@cisco.com>

Tue, 12 May 2020 20:29:23 +0000 (20:29 +0000)
author Masud Hasan (mashasan) <mashasan@cisco.com>
Tue, 12 May 2020 20:29:23 +0000 (20:29 +0000)
committer Masud Hasan (mashasan) <mashasan@cisco.com>
Tue, 12 May 2020 20:29:23 +0000 (20:29 +0000)
diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc

index 5c4a7b66c7dea2a40f9c726c5a27fd738ede37d1..c2cd39392ec26a2d52825c6befe6162a12ace912 100644 (file)
--- a/src/main/analyzer.cc
+++ b/src/main/analyzer.cc
@@ -342,7 +342,7 @@ void Analyzer::post_process_daq_pkt_msg(Packet* p)
      }
      else if (p->active->is_packet_held() and Stream::set_packet_action_to_hold(p))
      {
-        if (p->flow and p->flow->flags.trigger_detained_packet_event)
+        if (p->flow->flags.trigger_detained_packet_event)
              DataBus::publish(DETAINED_PACKET_EVENT, p);
      }
      else
diff --git a/src/main/control_mgmt.cc b/src/main/control_mgmt.cc

index cbe2a20ec41b812b5d493df9ed57aa17134b2798..f2791280ee7b5e19cbf9c68f3bee0dc058cb90ff 100644 (file)
--- a/src/main/control_mgmt.cc
+++ b/src/main/control_mgmt.cc
@@ -148,7 +148,8 @@ int ControlMgmt::socket_init()
  
      // FIXIT-M want to disable time wait
      int on = 1;
-    setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
+    if (setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0)
+        FatalError("setsockopt() call failed: %s", get_error(errno));
  
      if (::bind(listener, sock_addr, sock_addr_size) < 0)
          FatalError("bind failed: %s\n", get_error(errno));
diff --git a/src/main/modules.cc b/src/main/modules.cc

index 8ecf11bd392fca0e2a68a93b2da159708e1a4c9f..8829d7f8c503415a326e1ab0a5c1b0001e6183cc 100644 (file)
--- a/src/main/modules.cc
+++ b/src/main/modules.cc
@@ -1007,9 +1007,6 @@ static const Parameter network_params[] =
        "all | ip | noip | tcp | notcp | udp | noudp | icmp | noicmp | none", "all",
        "checksums to verify" },
  
-    { "decode_drops", Parameter::PT_BOOL, nullptr, "false",
-      "enable dropping of packets by the decoder" },
-
      { "id", Parameter::PT_INT, "0:65535", "0",
        "correlate unified2 events with configuration" },
  
@@ -1057,9 +1054,6 @@ bool NetworkModule::set(const char*, Value& v, SnortConfig* sc)
      else if ( v.is("checksum_eval") )
          ConfigChecksumMode(v.get_string());
  
-    else if ( v.is("decode_drops") )
-        p->decoder_drop = v.get_bool();
-
      else if ( v.is("id") )
      {
          p->user_policy_id = v.get_uint16();
diff --git a/src/main/policy.cc b/src/main/policy.cc

index 2cefa79835320d17c30b25d8a79b8de32b540193..60821a7a6dbfc438f8bb66f87a000a291542ba55 100644 (file)
--- a/src/main/policy.cc
+++ b/src/main/policy.cc
@@ -81,6 +81,8 @@ void InspectionPolicy::init(InspectionPolicy* other_inspection_policy)
  {
      framework_policy = nullptr;
      cloned = false;
+    if (other_inspection_policy)
+        policy_id = other_inspection_policy->policy_id;
  
      InspectorManager::new_policy(this, other_inspection_policy);
  }
diff --git a/src/main/policy.h b/src/main/policy.h

index 2a8a1ac7bf60f6fdf28586b5af0142ee034c5c3e..b7269712e7814e094196e98732afdf181237ce37 100644 (file)
--- a/src/main/policy.h
+++ b/src/main/policy.h
@@ -98,8 +98,6 @@ public:
      uint32_t checksum_eval;
      uint32_t checksum_drop;
      uint32_t normal_mask;
-
-    bool decoder_drop;
  };
  
  //-------------------------------------------------------------------------
@@ -117,7 +115,7 @@ public:
      void clone_dbus(snort::SnortConfig*, const char*);
  
  public:
-    PolicyId policy_id;
+    PolicyId policy_id = 0;
      PolicyMode policy_mode = POLICY_MODE__MAX;
      uint32_t user_policy_id = 0;
      uuid_t uuid{};
diff --git a/src/stream/ip/ip_defrag.cc b/src/stream/ip/ip_defrag.cc

index 38b235e7938726dc0f9b1bf04c6e611cd8765bd4..77481ddb27e3c76db95c5c9feb4a32ab3fe46ebc 100644 (file)
--- a/src/stream/ip/ip_defrag.cc
+++ b/src/stream/ip/ip_defrag.cc
@@ -1077,7 +1077,8 @@ int Defrag::insert(Packet* p, FragTracker* ft, FragEngine* fe)
      if (p->is_ip6() && (net_frag_offset == 0))
      {
          const ip::IP6Frag* const fragHdr = layer::get_inner_ip6_frag();
-        ft->ip_proto = fragHdr->ip6f_nxt;
+        if (fragHdr)
+            ft->ip_proto = fragHdr->ip6f_nxt;
      }
  
      /*
diff --git a/src/stream/user/user_session.cc b/src/stream/user/user_session.cc

index 961f0892706463723da50f91575f2fe2363401d5..2a312aa951aea8849d4e243c2b01054c525c80be 100644 (file)
--- a/src/stream/user/user_session.cc
+++ b/src/stream/user/user_session.cc
@@ -492,7 +492,7 @@ int UserSession::process(Packet* p)
  
      UserTracker& ut = p->is_from_client() ? server : client;
  
-    if ( p->ptrs.decode_flags & DECODE_SOF or !ut.splitter )
+    if ( !ut.splitter or p->ptrs.decode_flags & DECODE_SOF )
          start(p, flow);
  
      if ( p->data && p->dsize )
author	Masud Hasan (mashasan) <mashasan@cisco.com>
	Tue, 12 May 2020 20:29:23 +0000 (20:29 +0000)
committer	Masud Hasan (mashasan) <mashasan@cisco.com>
	Tue, 12 May 2020 20:29:23 +0000 (20:29 +0000)
src/main/analyzer.cc		patch \| blob \| blame \| history
src/main/control_mgmt.cc		patch \| blob \| blame \| history
src/main/modules.cc		patch \| blob \| blame \| history
src/main/policy.cc		patch \| blob \| blame \| history
src/main/policy.h		patch \| blob \| blame \| history
src/stream/ip/ip_defrag.cc		patch \| blob \| blame \| history
src/stream/user/user_session.cc		patch \| blob \| blame \| history