From: Philippe Antoine Date: Mon, 29 Nov 2021 12:24:12 +0000 (+0100) Subject: dnp3: check Base64Encode return value for logging X-Git-Tag: suricata-5.0.9~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00b0001d44e2d31fbca1d3a5868174d24f4d20e9;p=thirdparty%2Fsuricata.git dnp3: check Base64Encode return value for logging So that NULL pointers do not get logged Ticket: 4849 --- diff --git a/scripts/dnp3-gen/dnp3-gen.py b/scripts/dnp3-gen/dnp3-gen.py index d954535d21..ea90ebedf8 100755 --- a/scripts/dnp3-gen/dnp3-gen.py +++ b/scripts/dnp3-gen/dnp3-gen.py @@ -177,10 +177,10 @@ void OutputJsonDNP3SetItem(json_t *js, DNP3Object *object, {% elif field.type == "bytearray" %} unsigned long {{field.name}}_b64_len = BASE64_BUFFER_SIZE(data->{{field.len_field}}); uint8_t {{field.name}}_b64[{{field.name}}_b64_len]; - Base64Encode(data->{{field.name}}, data->{{field.len_field}}, - {{field.name}}_b64, &{{field.name}}_b64_len); - json_object_set_new(js, "data->{{field.name}}", - json_string((char *){{field.name}}_b64)); + if (Base64Encode(data->{{field.name}}, data->{{field.len_field}}, + {{field.name}}_b64, &{{field.name}}_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->{{field.name}}", + json_string((char *){{field.name}}_b64)); {% elif field.type == "vstr4" %} json_object_set_new(js, "data->{{field.name}}", SCJsonString(data->{{field.name}})); {% elif field.type == "chararray" %} @@ -507,7 +507,10 @@ static int DNP3DecodeObjectG{{object.group}}V{{object.variation}}(const uint8_t *len -= 4; {% elif field.type == "bytearray" %} {% if field.len_from_prefix %} - object->{{field.len_field}} = prefix - (offset - *len); + if (prefix < (offset - *len)) { + goto error; + } + object->{{field.len_field}} = (uint16_t)(prefix - (offset - *len)); {% endif %} if (object->{{field.len_field}} > 0) { if (*len < object->{{field.len_field}}) { @@ -527,7 +530,11 @@ static int DNP3DecodeObjectG{{object.group}}V{{object.variation}}(const uint8_t if (prefix - (offset - *len) >= {{field.size}}) { goto error; } - object->{{field.len_field}} = prefix - (offset - *len); +{% if field.size == 255 %} + object->{{field.len_field}} = (uint8_t)(prefix - (offset - *len)); +{% else %} + object->{{field.len_field}} = (uint16_t)(prefix - (offset - *len)); +{% endif %} {% endif %} if (object->{{field.len_field}} > 0) { if (*len < object->{{field.len_field}}) { diff --git a/src/app-layer-dnp3-objects.c b/src/app-layer-dnp3-objects.c index a0159ac1d4..0c672fdd80 100644 --- a/src/app-layer-dnp3-objects.c +++ b/src/app-layer-dnp3-objects.c @@ -7156,7 +7156,7 @@ static int DNP3DecodeObjectG70V4(const uint8_t **buf, uint32_t *len, if (prefix - (offset - *len) >= 255) { goto error; } - object->optional_text_len = prefix - (offset - *len); + object->optional_text_len = (uint8_t)(prefix - (offset - *len)); if (object->optional_text_len > 0) { if (*len < object->optional_text_len) { /* Not enough data. */ @@ -7223,7 +7223,7 @@ static int DNP3DecodeObjectG70V5(const uint8_t **buf, uint32_t *len, if (prefix - (offset - *len) >= 255) { goto error; } - object->file_data_len = prefix - (offset - *len); + object->file_data_len = (uint8_t)(prefix - (offset - *len)); if (object->file_data_len > 0) { if (*len < object->file_data_len) { /* Not enough data. */ @@ -7293,7 +7293,7 @@ static int DNP3DecodeObjectG70V6(const uint8_t **buf, uint32_t *len, if (prefix - (offset - *len) >= 255) { goto error; } - object->optional_text_len = prefix - (offset - *len); + object->optional_text_len = (uint8_t)(prefix - (offset - *len)); if (object->optional_text_len > 0) { if (*len < object->optional_text_len) { /* Not enough data. */ @@ -7425,7 +7425,7 @@ static int DNP3DecodeObjectG70V8(const uint8_t **buf, uint32_t *len, if (prefix - (offset - *len) >= 65535) { goto error; } - object->file_specification_len = prefix - (offset - *len); + object->file_specification_len = (uint16_t)(prefix - (offset - *len)); if (object->file_specification_len > 0) { if (*len < object->file_specification_len) { /* Not enough data. */ @@ -7764,7 +7764,10 @@ static int DNP3DecodeObjectG120V1(const uint8_t **buf, uint32_t *len, if (!DNP3ReadUint8(buf, len, &object->reason)) { goto error; } - object->challenge_data_len = prefix - (offset - *len); + if (prefix < (offset - *len)) { + goto error; + } + object->challenge_data_len = (uint16_t)(prefix - (offset - *len)); if (object->challenge_data_len > 0) { if (*len < object->challenge_data_len) { /* Not enough data. */ @@ -7834,7 +7837,10 @@ static int DNP3DecodeObjectG120V2(const uint8_t **buf, uint32_t *len, if (!DNP3ReadUint16(buf, len, &object->usr)) { goto error; } - object->mac_value_len = prefix - (offset - *len); + if (prefix < (offset - *len)) { + goto error; + } + object->mac_value_len = (uint16_t)(prefix - (offset - *len)); if (object->mac_value_len > 0) { if (*len < object->mac_value_len) { /* Not enough data. */ @@ -8018,7 +8024,10 @@ static int DNP3DecodeObjectG120V5(const uint8_t **buf, uint32_t *len, *buf += object->challenge_data_len; *len -= object->challenge_data_len; } - object->mac_value_len = prefix - (offset - *len); + if (prefix < (offset - *len)) { + goto error; + } + object->mac_value_len = (uint16_t)(prefix - (offset - *len)); if (object->mac_value_len > 0) { if (*len < object->mac_value_len) { /* Not enough data. */ @@ -8091,7 +8100,10 @@ static int DNP3DecodeObjectG120V6(const uint8_t **buf, uint32_t *len, if (!DNP3ReadUint16(buf, len, &object->usr)) { goto error; } - object->wrapped_key_data_len = prefix - (offset - *len); + if (prefix < (offset - *len)) { + goto error; + } + object->wrapped_key_data_len = (uint16_t)(prefix - (offset - *len)); if (object->wrapped_key_data_len > 0) { if (*len < object->wrapped_key_data_len) { /* Not enough data. */ @@ -8173,7 +8185,7 @@ static int DNP3DecodeObjectG120V7(const uint8_t **buf, uint32_t *len, if (prefix - (offset - *len) >= 65535) { goto error; } - object->error_text_len = prefix - (offset - *len); + object->error_text_len = (uint16_t)(prefix - (offset - *len)); if (object->error_text_len > 0) { if (*len < object->error_text_len) { /* Not enough data. */ @@ -8237,7 +8249,10 @@ static int DNP3DecodeObjectG120V8(const uint8_t **buf, uint32_t *len, if (!DNP3ReadUint8(buf, len, &object->certificate_type)) { goto error; } - object->certificate_len = prefix - (offset - *len); + if (prefix < (offset - *len)) { + goto error; + } + object->certificate_len = (uint16_t)(prefix - (offset - *len)); if (object->certificate_len > 0) { if (*len < object->certificate_len) { /* Not enough data. */ @@ -8297,7 +8312,10 @@ static int DNP3DecodeObjectG120V9(const uint8_t **buf, uint32_t *len, offset = *len; - object->mac_value_len = prefix - (offset - *len); + if (prefix < (offset - *len)) { + goto error; + } + object->mac_value_len = (uint16_t)(prefix - (offset - *len)); if (object->mac_value_len > 0) { if (*len < object->mac_value_len) { /* Not enough data. */ @@ -8688,7 +8706,10 @@ static int DNP3DecodeObjectG120V14(const uint8_t **buf, uint32_t *len, offset = *len; - object->digital_signature_len = prefix - (offset - *len); + if (prefix < (offset - *len)) { + goto error; + } + object->digital_signature_len = (uint16_t)(prefix - (offset - *len)); if (object->digital_signature_len > 0) { if (*len < object->digital_signature_len) { /* Not enough data. */ @@ -8752,7 +8773,10 @@ static int DNP3DecodeObjectG120V15(const uint8_t **buf, uint32_t *len, offset = *len; - object->mac_len = prefix - (offset - *len); + if (prefix < (offset - *len)) { + goto error; + } + object->mac_len = (uint16_t)(prefix - (offset - *len)); if (object->mac_len > 0) { if (*len < object->mac_len) { /* Not enough data. */ diff --git a/src/output-json-dnp3-objects.c b/src/output-json-dnp3-objects.c index 423220f694..41efc91af2 100644 --- a/src/output-json-dnp3-objects.c +++ b/src/output-json-dnp3-objects.c @@ -2347,10 +2347,10 @@ void OutputJsonDNP3SetItem(json_t *js, DNP3Object *object, json_integer(data->length)); unsigned long data_objects_b64_len = BASE64_BUFFER_SIZE(data->length); uint8_t data_objects_b64[data_objects_b64_len]; - Base64Encode(data->data_objects, data->length, - data_objects_b64, &data_objects_b64_len); - json_object_set_new(js, "data->data_objects", - json_string((char *)data_objects_b64)); + if (Base64Encode(data->data_objects, data->length, + data_objects_b64, &data_objects_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->data_objects", + json_string((char *)data_objects_b64)); break; } case DNP3_OBJECT_CODE(86, 2): { @@ -2391,10 +2391,10 @@ void OutputJsonDNP3SetItem(json_t *js, DNP3Object *object, json_integer(data->reason)); unsigned long challenge_data_b64_len = BASE64_BUFFER_SIZE(data->challenge_data_len); uint8_t challenge_data_b64[challenge_data_b64_len]; - Base64Encode(data->challenge_data, data->challenge_data_len, - challenge_data_b64, &challenge_data_b64_len); - json_object_set_new(js, "data->challenge_data", - json_string((char *)challenge_data_b64)); + if (Base64Encode(data->challenge_data, data->challenge_data_len, + challenge_data_b64, &challenge_data_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->challenge_data", + json_string((char *)challenge_data_b64)); break; } case DNP3_OBJECT_CODE(120, 2): { @@ -2405,10 +2405,10 @@ void OutputJsonDNP3SetItem(json_t *js, DNP3Object *object, json_integer(data->usr)); unsigned long mac_value_b64_len = BASE64_BUFFER_SIZE(data->mac_value_len); uint8_t mac_value_b64[mac_value_b64_len]; - Base64Encode(data->mac_value, data->mac_value_len, - mac_value_b64, &mac_value_b64_len); - json_object_set_new(js, "data->mac_value", - json_string((char *)mac_value_b64)); + if (Base64Encode(data->mac_value, data->mac_value_len, + mac_value_b64, &mac_value_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->mac_value", + json_string((char *)mac_value_b64)); break; } case DNP3_OBJECT_CODE(120, 3): { @@ -2441,16 +2441,16 @@ void OutputJsonDNP3SetItem(json_t *js, DNP3Object *object, json_integer(data->challenge_data_len)); unsigned long challenge_data_b64_len = BASE64_BUFFER_SIZE(data->challenge_data_len); uint8_t challenge_data_b64[challenge_data_b64_len]; - Base64Encode(data->challenge_data, data->challenge_data_len, - challenge_data_b64, &challenge_data_b64_len); - json_object_set_new(js, "data->challenge_data", - json_string((char *)challenge_data_b64)); + if (Base64Encode(data->challenge_data, data->challenge_data_len, + challenge_data_b64, &challenge_data_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->challenge_data", + json_string((char *)challenge_data_b64)); unsigned long mac_value_b64_len = BASE64_BUFFER_SIZE(data->mac_value_len); uint8_t mac_value_b64[mac_value_b64_len]; - Base64Encode(data->mac_value, data->mac_value_len, - mac_value_b64, &mac_value_b64_len); - json_object_set_new(js, "data->mac_value", - json_string((char *)mac_value_b64)); + if (Base64Encode(data->mac_value, data->mac_value_len, + mac_value_b64, &mac_value_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->mac_value", + json_string((char *)mac_value_b64)); break; } case DNP3_OBJECT_CODE(120, 6): { @@ -2461,10 +2461,10 @@ void OutputJsonDNP3SetItem(json_t *js, DNP3Object *object, json_integer(data->usr)); unsigned long wrapped_key_data_b64_len = BASE64_BUFFER_SIZE(data->wrapped_key_data_len); uint8_t wrapped_key_data_b64[wrapped_key_data_b64_len]; - Base64Encode(data->wrapped_key_data, data->wrapped_key_data_len, - wrapped_key_data_b64, &wrapped_key_data_b64_len); - json_object_set_new(js, "data->wrapped_key_data", - json_string((char *)wrapped_key_data_b64)); + if (Base64Encode(data->wrapped_key_data, data->wrapped_key_data_len, + wrapped_key_data_b64, &wrapped_key_data_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->wrapped_key_data", + json_string((char *)wrapped_key_data_b64)); break; } case DNP3_OBJECT_CODE(120, 7): { @@ -2499,20 +2499,20 @@ void OutputJsonDNP3SetItem(json_t *js, DNP3Object *object, json_integer(data->certificate_type)); unsigned long certificate_b64_len = BASE64_BUFFER_SIZE(data->certificate_len); uint8_t certificate_b64[certificate_b64_len]; - Base64Encode(data->certificate, data->certificate_len, - certificate_b64, &certificate_b64_len); - json_object_set_new(js, "data->certificate", - json_string((char *)certificate_b64)); + if (Base64Encode(data->certificate, data->certificate_len, + certificate_b64, &certificate_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->certificate", + json_string((char *)certificate_b64)); break; } case DNP3_OBJECT_CODE(120, 9): { DNP3ObjectG120V9 *data = point->data; unsigned long mac_value_b64_len = BASE64_BUFFER_SIZE(data->mac_value_len); uint8_t mac_value_b64[mac_value_b64_len]; - Base64Encode(data->mac_value, data->mac_value_len, - mac_value_b64, &mac_value_b64_len); - json_object_set_new(js, "data->mac_value", - json_string((char *)mac_value_b64)); + if (Base64Encode(data->mac_value, data->mac_value_len, + mac_value_b64, &mac_value_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->mac_value", + json_string((char *)mac_value_b64)); break; } case DNP3_OBJECT_CODE(120, 10): { @@ -2545,16 +2545,16 @@ void OutputJsonDNP3SetItem(json_t *js, DNP3Object *object, } unsigned long user_public_key_b64_len = BASE64_BUFFER_SIZE(data->user_public_key_len); uint8_t user_public_key_b64[user_public_key_b64_len]; - Base64Encode(data->user_public_key, data->user_public_key_len, - user_public_key_b64, &user_public_key_b64_len); - json_object_set_new(js, "data->user_public_key", - json_string((char *)user_public_key_b64)); + if (Base64Encode(data->user_public_key, data->user_public_key_len, + user_public_key_b64, &user_public_key_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->user_public_key", + json_string((char *)user_public_key_b64)); unsigned long certification_data_b64_len = BASE64_BUFFER_SIZE(data->certification_data_len); uint8_t certification_data_b64[certification_data_b64_len]; - Base64Encode(data->certification_data, data->certification_data_len, - certification_data_b64, &certification_data_b64_len); - json_object_set_new(js, "data->certification_data", - json_string((char *)certification_data_b64)); + if (Base64Encode(data->certification_data, data->certification_data_len, + certification_data_b64, &certification_data_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->certification_data", + json_string((char *)certification_data_b64)); break; } case DNP3_OBJECT_CODE(120, 11): { @@ -2577,10 +2577,10 @@ void OutputJsonDNP3SetItem(json_t *js, DNP3Object *object, } unsigned long master_challenge_data_b64_len = BASE64_BUFFER_SIZE(data->master_challenge_data_len); uint8_t master_challenge_data_b64[master_challenge_data_b64_len]; - Base64Encode(data->master_challenge_data, data->master_challenge_data_len, - master_challenge_data_b64, &master_challenge_data_b64_len); - json_object_set_new(js, "data->master_challenge_data", - json_string((char *)master_challenge_data_b64)); + if (Base64Encode(data->master_challenge_data, data->master_challenge_data_len, + master_challenge_data_b64, &master_challenge_data_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->master_challenge_data", + json_string((char *)master_challenge_data_b64)); break; } case DNP3_OBJECT_CODE(120, 12): { @@ -2593,10 +2593,10 @@ void OutputJsonDNP3SetItem(json_t *js, DNP3Object *object, json_integer(data->challenge_data_len)); unsigned long challenge_data_b64_len = BASE64_BUFFER_SIZE(data->challenge_data_len); uint8_t challenge_data_b64[challenge_data_b64_len]; - Base64Encode(data->challenge_data, data->challenge_data_len, - challenge_data_b64, &challenge_data_b64_len); - json_object_set_new(js, "data->challenge_data", - json_string((char *)challenge_data_b64)); + if (Base64Encode(data->challenge_data, data->challenge_data_len, + challenge_data_b64, &challenge_data_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->challenge_data", + json_string((char *)challenge_data_b64)); break; } case DNP3_OBJECT_CODE(120, 13): { @@ -2609,30 +2609,30 @@ void OutputJsonDNP3SetItem(json_t *js, DNP3Object *object, json_integer(data->encrypted_update_key_len)); unsigned long encrypted_update_key_data_b64_len = BASE64_BUFFER_SIZE(data->encrypted_update_key_len); uint8_t encrypted_update_key_data_b64[encrypted_update_key_data_b64_len]; - Base64Encode(data->encrypted_update_key_data, data->encrypted_update_key_len, - encrypted_update_key_data_b64, &encrypted_update_key_data_b64_len); - json_object_set_new(js, "data->encrypted_update_key_data", - json_string((char *)encrypted_update_key_data_b64)); + if (Base64Encode(data->encrypted_update_key_data, data->encrypted_update_key_len, + encrypted_update_key_data_b64, &encrypted_update_key_data_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->encrypted_update_key_data", + json_string((char *)encrypted_update_key_data_b64)); break; } case DNP3_OBJECT_CODE(120, 14): { DNP3ObjectG120V14 *data = point->data; unsigned long digital_signature_b64_len = BASE64_BUFFER_SIZE(data->digital_signature_len); uint8_t digital_signature_b64[digital_signature_b64_len]; - Base64Encode(data->digital_signature, data->digital_signature_len, - digital_signature_b64, &digital_signature_b64_len); - json_object_set_new(js, "data->digital_signature", - json_string((char *)digital_signature_b64)); + if (Base64Encode(data->digital_signature, data->digital_signature_len, + digital_signature_b64, &digital_signature_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->digital_signature", + json_string((char *)digital_signature_b64)); break; } case DNP3_OBJECT_CODE(120, 15): { DNP3ObjectG120V15 *data = point->data; unsigned long mac_b64_len = BASE64_BUFFER_SIZE(data->mac_len); uint8_t mac_b64[mac_b64_len]; - Base64Encode(data->mac, data->mac_len, - mac_b64, &mac_b64_len); - json_object_set_new(js, "data->mac", - json_string((char *)mac_b64)); + if (Base64Encode(data->mac, data->mac_len, + mac_b64, &mac_b64_len) == SC_BASE64_OK) + json_object_set_new(js, "data->mac", + json_string((char *)mac_b64)); break; } case DNP3_OBJECT_CODE(121, 1): {