From: Wolfgang Hotwagner <code@feedyourhead.at>
Date: Sat, 9 Dec 2017 13:18:49 +0000 (+0000)
Subject: conf: multiple NULL-pointer dereferences in FlowInitConfig
X-Git-Tag: suricata-4.0.4~56
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=08560016cc476906d8b6c8f5eecfa3ee26ceb573;p=thirdparty%2Fsuricata.git

conf: multiple NULL-pointer dereferences in FlowInitConfig

This commit fixes multiple NULL-pointer dereferences in FlowInitConfig after reading in config-values(flow.hash-size, flow.prealloc and flow.memcap) for flow. Here is a sample ASAN-output:

=================================================================
ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fea73456646 bp 0x7fffd70e1ba0 sp 0x7fffd70e1328 T0)
0 0x7fea73456645 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x80645)
1 0x7fea76c98eec (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3beec)
2 0x5643efb4c205 in FlowInitConfig /root/suricata-1/src/flow.c:455
3 0x5643efcd1751 in PreRunInit /root/suricata-1/src/suricata.c:2247
4 0x5643efcd49f4 in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2748
5 0x5643efcd5402 in main /root/suricata-1/src/suricata.c:2884
6 0x7fea733f62b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
7 0x5643ef8761a9 in _start (/usr/local/bin/suricata+0xc51a9)

Ticketno: Bug #2349
---

diff --git a/src/flow.c b/src/flow.c
index c371b54e16..447a49d618 100644
--- a/src/flow.c
+++ b/src/flow.c
@@ -409,6 +409,11 @@ void FlowInitConfig(char quiet)
     /** set config values for memcap, prealloc and hash_size */
     if ((ConfGet("flow.memcap", &conf_val)) == 1)
     {
+        if (conf_val == NULL) {
+            SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,"Invalid value for flow.memcap: NULL");
+	    exit(EXIT_FAILURE);
+        }
+
         if (ParseSizeStringU64(conf_val, &flow_config.memcap) < 0) {
             SCLogError(SC_ERR_SIZE_PARSE, "Error parsing flow.memcap "
                        "from conf file - %s.  Killing engine",
@@ -418,6 +423,11 @@ void FlowInitConfig(char quiet)
     }
     if ((ConfGet("flow.hash-size", &conf_val)) == 1)
     {
+        if (conf_val == NULL) {
+            SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,"Invalid value for flow.hash-size: NULL");
+	    exit(EXIT_FAILURE);
+        }
+
         if (ByteExtractStringUint32(&configval, 10, strlen(conf_val),
                                     conf_val) > 0) {
             flow_config.hash_size = configval;
@@ -425,6 +435,11 @@ void FlowInitConfig(char quiet)
     }
     if ((ConfGet("flow.prealloc", &conf_val)) == 1)
     {
+        if (conf_val == NULL) {
+            SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,"Invalid value for flow.prealloc: NULL");
+	    exit(EXIT_FAILURE);
+        }
+
         if (ByteExtractStringUint32(&configval, 10, strlen(conf_val),
                                     conf_val) > 0) {
             flow_config.prealloc = configval;