conf: fix NULL-pointer dereference in CoredumpLoadConfig
authorWolfgang Hotwagner <code@feedyourhead.at>
Sun, 19 Nov 2017 14:05:04 +0000 (14:05 +0000)
committerVictor Julien <victor@inliniac.net>
Mon, 20 Nov 2017 10:23:45 +0000 (11:23 +0100)
An empty value for coredump.max-dump in the config-file leads to a segfault because of a NULL-pointer dereference in CoredumpLoadConfig().

Here is a configuration example:

coredump.max-dump: []

This causes Suricata to crash with a segfault:

ASAN-output:
==9412==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f22e851aa28 bp 0x7ffd90006fc0 sp 0x7ffd90006740 T0)
    0 0x7f22e851aa27 in strcasecmp (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x51a27)
    1 0x5608a7ec0108 in CoredumpLoadConfig /root/suricata-1/src/util-coredump-config.c:52
    2 0x5608a7e8bb22 in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2752
    3 0x5608a7e8c577 in main /root/suricata-1/src/suricata.c:2892
    4 0x7f22e4c622b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    5 0x5608a7a30c59 in _start (/usr/local/bin/suricata+0xc4c59)

Bug #2276

src/util-coredump-config.c

index a88b3f32be9c0a9c7fcc5b197d9e24257629d827..3f1da66aaf7af632fa7bf4c2d5f17049e98c51bc 100644 (file)
@@ -49,6 +49,10 @@ int32_t CoredumpLoadConfig (void)
         SCLogDebug ("core dump size not specified");
         return 1;
     }
+    if (dump_size_config == NULL) {
+        SCLogError (SC_ERR_INVALID_YAML_CONF_ENTRY, "malformed value for coredump.max-dump: NULL");
+        return 0;
+    }
     if (strcasecmp (dump_size_config, "unlimited") == 0) {
         unlimited = 1;
     }
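Review bot: The added guard `if (dump_size_config == NULL)` returns 0 while the "not specified" branch directly above it returns 1, and nothing in the hunk shows whether the caller (PostConfLoadedSetup in the ASAN trace) acts on that value. If it does not, a malformed coredump.max-dump is only logged and startup presumably continues with the core-dump limit untouched, which deserves a comment on the guard such as `/* key is present but has no scalar value (e.g. an empty sequence): report it and leave the limit unchanged */`. The log text ending in `NULL` describes the pointer rather than the configuration mistake; `"coredump.max-dump has an empty or non-scalar value"` would tell an operator what to fix. The same shape, a lookup that succeeds but yields a NULL string later handed to strcasecmp, may exist for other configuration keys, so checking the sibling config readers and adding a regression test with the `coredump.max-dump: []` example from the description would be a reasonable follow-up. CoredumpLoadConfig starts and ends outside the hunk.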