Conf: Multipe NULL-pointer dereferences after ConfGetBool in StreamTcpInitConfig

There are multiple NULL-pointer dereferences after calling ConfGetBool in StreamTcpInitConfig. ConfGetBool calls ConfGet which doesn't check the vptr-argument. This is a sample ASAN-output:

1453ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f2969b83a28 bp 0x7ffdbf613a90 sp 0x7ffdbf613210 T0)
 0 0x7f2969b83a27 in strcasecmp (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x51a27)
 1 0x564185accefd in ConfValIsTrue /root/suricata-1/src/conf.c:559
 2 0x564185accb4f in ConfGetBool /root/suricata-1/src/conf.c:512
 3 0x564185dcbe05 in StreamTcpInitConfig /root/suricata-1/src/stream-tcp.c:381
 4 0x564185e21a88 in PreRunInit /root/suricata-1/src/suricata.c:2264
 5 0x564185e24d2c in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2763
 6 0x564185e2570e in main /root/suricata-1/src/suricata.c:2898
 7 0x7f29662cb2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
 8 0x5641859b6039 in _start (/usr/local/bin/suricata+0xc8039)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x51a27) in strcasecmp
1453ABORTING

This commit replaces ConfGet by ConfGetValue in ConfGetBool. This does not only fix Bug #2368 but might also fix others too.

diff --git a/src/conf.c b/src/conf.c
index dfd2410df7703c563e9ba206982e9761385042f3..5ea30fc603ccb075b720638b18f3ce10d819c849 100644 (file)
--- a/src/conf.c
+++ b/src/conf.c
@@ -506,7 +506,7 @@ int ConfGetBool(const char *name, int *val)
     const char *strval = NULL;
 
     *val = 0;
-    if (ConfGet(name, &strval) != 1)
+    if (ConfGetValue(name, &strval) != 1)
         return 0;
 
     *val = ConfValIsTrue(strval);