Merge in SNORT/snort3 from ~SATHIRKA/snort3:appid_coverity to master
Squashed commit of the following:
commit
49746e192fce6caf2e7c19702c8fffdaaeabdb54
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Fri Nov 17 06:42:53 2023 -0500
appid: fixing coverity issues
return true;
}
- DHPSequence sequence;
- AppId service_id;
- AppId client_id;
- AppId payload_id;
- AppId app_id;
- unsigned pattern_size;
- const uint8_t* pattern;
+ DHPSequence sequence = SINGLE;
+ AppId service_id = 0;
+ AppId client_id = 0;
+ AppId payload_id = 0;
+ AppId app_id = 0;
+ unsigned pattern_size = 0;
+ const uint8_t* pattern = nullptr;
};
typedef std::vector<DetectorHTTPPattern> DetectorHTTPPatterns;
ss->pos++;
break;
case BIT_STATE_MESSAGE_LEN:
+ if (ss->pos >= 4)
+ break;
ss->l.raw_len[ss->pos] = data[offset];
ss->pos++;
if (ss->pos >= offsetof(ServiceBITMsg, code))
new RegTestServiceDetector2(this);
#endif
- for ( auto kv : tcp_detectors )
+ for ( auto& kv : tcp_detectors )
{
kv.second->initialize(inspector);
service_detector_list.emplace_back(kv.second);
}
- for ( auto kv : udp_detectors )
+ for ( auto& kv : udp_detectors )
{
kv.second->initialize(inspector);
service_detector_list.emplace_back(kv.second);
void ServiceDiscovery::reload()
{
- for ( auto kv : tcp_detectors )
+ for ( auto& kv : tcp_detectors )
kv.second->reload();
- for ( auto kv : udp_detectors )
+ for ( auto& kv : udp_detectors )
kv.second->reload();
}
data += sizeof(NBDgmError);
if (end != data)
goto fail;
- if (err->code < NBDGM_ERROR_CODE_MIN and
+ if (err->code < NBDGM_ERROR_CODE_MIN or
err->code > NBDGM_ERROR_CODE_MAX)
{
goto fail;
}
break;
case SSLV3RecordType::SERVER_HELLO_DONE:
- if (size < offsetof(ServiceSSLV3Record, version))
- goto success;
if (rec->length)
goto fail;
if (ss->tot_length != offsetof(ServiceSSLV3Record, version))
break;
case TNS_STATE_MESSAGE_ACCEPT:
+ if (ss->pos >= (ACCEPT_VERSION_OFFSET + 2))
+ break;
ss->l.raw_len[ss->pos - ACCEPT_VERSION_OFFSET] = data[offset];
ss->pos++;
- if (ss->pos >= (ACCEPT_VERSION_OFFSET + 2))
+ if (ss->pos == (ACCEPT_VERSION_OFFSET + 2))
{
switch (ntohs(ss->l.len))
{