From: Steve Chew (stechew) Date: Fri, 15 May 2020 19:53:20 +0000 (+0000) Subject: Merge pull request #2209 in SNORT/snort3 from ~SBAIGAL/snort3:coverity_fix to master X-Git-Tag: 3.0.1-4~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1cb589517e7dde2638f644739cd58f8669b1ea96;p=thirdparty%2Fsnort3.git Merge pull request #2209 in SNORT/snort3 from ~SBAIGAL/snort3:coverity_fix to master Squashed commit of the following: commit 2496431615a57a9656134448372bd54765f22693 Author: Steven Baigal (sbaigal) Date: Wed May 6 16:46:36 2020 -0400 coverity: fixed issues discovered by Coverity tool --- diff --git a/src/ips_options/ips_asn1.cc b/src/ips_options/ips_asn1.cc index cb067e213..2abccf341 100644 --- a/src/ips_options/ips_asn1.cc +++ b/src/ips_options/ips_asn1.cc @@ -209,7 +209,7 @@ public: { return DETECT; } public: - ASN1_CTXT data; + ASN1_CTXT data = {}; }; bool Asn1Module::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_base64.cc b/src/ips_options/ips_base64.cc index df31e3ef5..765118da0 100644 --- a/src/ips_options/ips_base64.cc +++ b/src/ips_options/ips_base64.cc @@ -189,7 +189,7 @@ public: { return DETECT; } public: - Base64DecodeData data; + Base64DecodeData data = {}; }; bool B64DecodeModule::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_ber_data.cc b/src/ips_options/ips_ber_data.cc index 06b521bee..fe08a1981 100644 --- a/src/ips_options/ips_ber_data.cc +++ b/src/ips_options/ips_ber_data.cc @@ -128,7 +128,7 @@ public: { return DETECT; } public: - uint32_t type; + uint32_t type = 0; }; bool BerDataModule::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_ber_skip.cc b/src/ips_options/ips_ber_skip.cc index 4d4765cde..9ecf370c5 100644 --- a/src/ips_options/ips_ber_skip.cc +++ b/src/ips_options/ips_ber_skip.cc @@ -139,8 +139,8 @@ public: { return DETECT; } public: - uint32_t type; - bool optional; + uint32_t type = 0; + bool optional = false; }; bool BerSkipModule::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_byte_extract.cc b/src/ips_options/ips_byte_extract.cc index 9213600c8..2c68e2c51 100644 --- a/src/ips_options/ips_byte_extract.cc +++ b/src/ips_options/ips_byte_extract.cc @@ -342,7 +342,7 @@ static const Parameter s_params[] = class ExtractModule : public Module { public: - ExtractModule() : Module(s_name, s_help, s_params) { } + ExtractModule() : Module(s_name, s_help, s_params) { data.multiplier = 1; } bool begin(const char*, int, SnortConfig*) override; bool end(const char*, int, SnortConfig*) override; @@ -355,7 +355,7 @@ public: { return DETECT; } public: - ByteExtractData data; + ByteExtractData data = {}; }; bool ExtractModule::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_byte_jump.cc b/src/ips_options/ips_byte_jump.cc index ea672a92c..8cb9e87c2 100644 --- a/src/ips_options/ips_byte_jump.cc +++ b/src/ips_options/ips_byte_jump.cc @@ -383,7 +383,7 @@ static const Parameter s_params[] = class ByteJumpModule : public Module { public: - ByteJumpModule() : Module(s_name, s_help, s_params) { } + ByteJumpModule() : Module(s_name, s_help, s_params) { data.multiplier = 1; } bool begin(const char*, int, SnortConfig*) override; bool end(const char*, int, SnortConfig*) override; @@ -396,7 +396,7 @@ public: { return DETECT; } public: - ByteJumpData data; + ByteJumpData data = {}; string var; string post_var; }; diff --git a/src/ips_options/ips_byte_math.cc b/src/ips_options/ips_byte_math.cc index 68b47d2cd..d7137ef25 100644 --- a/src/ips_options/ips_byte_math.cc +++ b/src/ips_options/ips_byte_math.cc @@ -367,7 +367,7 @@ public: { return DETECT; } public: - ByteMathData data; + ByteMathData data = {}; string rvalue_var; string off_var; }; diff --git a/src/ips_options/ips_byte_test.cc b/src/ips_options/ips_byte_test.cc index 2ad0b406e..a4be24e80 100644 --- a/src/ips_options/ips_byte_test.cc +++ b/src/ips_options/ips_byte_test.cc @@ -478,7 +478,7 @@ public: { return DETECT; } public: - ByteTestData data; + ByteTestData data = {}; string cmp_var; string off_var; }; diff --git a/src/ips_options/ips_classtype.cc b/src/ips_options/ips_classtype.cc index 70f842ba8..b64ee645d 100644 --- a/src/ips_options/ips_classtype.cc +++ b/src/ips_options/ips_classtype.cc @@ -56,7 +56,7 @@ public: { return DETECT; } public: - const ClassType* type; + const ClassType* type = nullptr; }; bool ClassTypeModule::set(const char*, Value& v, SnortConfig* sc) diff --git a/src/ips_options/ips_cvs.cc b/src/ips_options/ips_cvs.cc index b17c8f893..58af1300b 100644 --- a/src/ips_options/ips_cvs.cc +++ b/src/ips_options/ips_cvs.cc @@ -401,7 +401,7 @@ public: { return DETECT; } public: - CvsRuleOption data; + CvsRuleOption data = {}; }; bool CvsModule::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_detection_filter.cc b/src/ips_options/ips_detection_filter.cc index 1dfc811a8..5f1132d59 100644 --- a/src/ips_options/ips_detection_filter.cc +++ b/src/ips_options/ips_detection_filter.cc @@ -68,8 +68,8 @@ public: { return DETECT; } public: - THDX_STRUCT thdx; - DetectionFilterConfig* dfc; + THDX_STRUCT thdx = {}; + DetectionFilterConfig* dfc = nullptr; }; bool DetectionFilterModule::begin(const char*, int, SnortConfig* sc) diff --git a/src/ips_options/ips_enable.cc b/src/ips_options/ips_enable.cc index eda285c03..4d0014be4 100644 --- a/src/ips_options/ips_enable.cc +++ b/src/ips_options/ips_enable.cc @@ -58,7 +58,7 @@ public: { return DETECT; } public: - IpsPolicy::Enable enable; + IpsPolicy::Enable enable = IpsPolicy::Enable::ENABLED; }; bool EnableModule::begin(const char*, int, SnortConfig* sc) diff --git a/src/ips_options/ips_flags.cc b/src/ips_options/ips_flags.cc index b0453a830..b505d2177 100644 --- a/src/ips_options/ips_flags.cc +++ b/src/ips_options/ips_flags.cc @@ -357,7 +357,7 @@ public: { return DETECT; } public: - TcpFlagCheckData data; + TcpFlagCheckData data = {}; }; bool FlagsModule::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_flow.cc b/src/ips_options/ips_flow.cc index 789c44bbd..bedf084aa 100644 --- a/src/ips_options/ips_flow.cc +++ b/src/ips_options/ips_flow.cc @@ -340,7 +340,7 @@ public: { return DETECT; } public: - FlowCheckData data; + FlowCheckData data = {}; }; bool FlowModule::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_flowbits.cc b/src/ips_options/ips_flowbits.cc index 25d1ad576..ed6c72bbc 100644 --- a/src/ips_options/ips_flowbits.cc +++ b/src/ips_options/ips_flowbits.cc @@ -467,7 +467,7 @@ public: FlowBitCheck* get_data(); public: - FlowBitCheck::Op op; + FlowBitCheck::Op op = FlowBitCheck::Op::SET; std::string bits; FlowBitCheck* fbc = nullptr; }; diff --git a/src/ips_options/ips_gid.cc b/src/ips_options/ips_gid.cc index 80a2f232f..15edae441 100644 --- a/src/ips_options/ips_gid.cc +++ b/src/ips_options/ips_gid.cc @@ -55,7 +55,7 @@ public: { return DETECT; } public: - uint32_t gid; + uint32_t gid = 0; }; bool GidModule::set(const char*, Value& v, SnortConfig*) diff --git a/src/ips_options/ips_hash.cc b/src/ips_options/ips_hash.cc index 1023b1795..f367ba418 100644 --- a/src/ips_options/ips_hash.cc +++ b/src/ips_options/ips_hash.cc @@ -223,7 +223,8 @@ IpsOption::EvalStatus HashOption::eval(Cursor& c, Packet*) static void parse_hash(HashMatchData* hmd, const char* rule) { - parse_byte_code(rule, hmd->negated, hmd->hash); + if (!parse_byte_code(rule, hmd->negated, hmd->hash)) + ParseError("Invalid hash"); } // FIXIT-L refactor for general use? diff --git a/src/ips_options/ips_ip_proto.cc b/src/ips_options/ips_ip_proto.cc index c263d595e..ce9cbf953 100644 --- a/src/ips_options/ips_ip_proto.cc +++ b/src/ips_options/ips_ip_proto.cc @@ -239,7 +239,7 @@ public: { return DETECT; } public: - IpProtoData data; + IpProtoData data = {}; }; bool IpProtoModule::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_ipopts.cc b/src/ips_options/ips_ipopts.cc index 48c0480d3..c3fcd271b 100644 --- a/src/ips_options/ips_ipopts.cc +++ b/src/ips_options/ips_ipopts.cc @@ -212,7 +212,7 @@ public: { return DETECT; } public: - IpOptionData data; + IpOptionData data = {}; }; bool IpOptModule::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_isdataat.cc b/src/ips_options/ips_isdataat.cc index 37df2ddac..15b9a7553 100644 --- a/src/ips_options/ips_isdataat.cc +++ b/src/ips_options/ips_isdataat.cc @@ -246,7 +246,7 @@ public: { return DETECT; } public: - IsDataAtData data; + IsDataAtData data = {}; }; bool IsDataAtModule::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_metadata.cc b/src/ips_options/ips_metadata.cc index 962882de0..5c6a36878 100644 --- a/src/ips_options/ips_metadata.cc +++ b/src/ips_options/ips_metadata.cc @@ -58,7 +58,7 @@ public: Usage get_usage() const override { return DETECT; } - bool match; + bool match = false; }; bool MetadataModule::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_priority.cc b/src/ips_options/ips_priority.cc index 1f3718e0e..742859c57 100644 --- a/src/ips_options/ips_priority.cc +++ b/src/ips_options/ips_priority.cc @@ -55,7 +55,7 @@ public: { return DETECT; } public: - int priority; + int priority = 0; }; bool PriorityModule::set(const char*, Value& v, SnortConfig*) diff --git a/src/ips_options/ips_reference.cc b/src/ips_options/ips_reference.cc index 78f5cf9ba..4d2c89ef9 100644 --- a/src/ips_options/ips_reference.cc +++ b/src/ips_options/ips_reference.cc @@ -59,7 +59,7 @@ public: public: std::string scheme; std::string id; - SnortConfig* snort_config; + SnortConfig* snort_config = nullptr; }; bool ReferenceModule::begin(const char*, int, SnortConfig* sc) diff --git a/src/ips_options/ips_regex.cc b/src/ips_options/ips_regex.cc index 6159e5e23..c99ddcc24 100644 --- a/src/ips_options/ips_regex.cc +++ b/src/ips_options/ips_regex.cc @@ -278,7 +278,7 @@ bool RegexModule::begin(const char* name, int, SnortConfig*) bool RegexModule::convert_pcre_to_regex_form() { size_t pos = config.re.find_first_of("\"!"); - if (config.re[pos] == '!') + if (pos != std::string::npos and config.re[pos] == '!') return false; config.re.erase(0,2); diff --git a/src/ips_options/ips_rev.cc b/src/ips_options/ips_rev.cc index 07c043d6d..a1af281c9 100644 --- a/src/ips_options/ips_rev.cc +++ b/src/ips_options/ips_rev.cc @@ -55,7 +55,7 @@ public: { return DETECT; } public: - uint32_t rev; + uint32_t rev = 0; }; bool RevModule::set(const char*, Value& v, SnortConfig*) diff --git a/src/ips_options/ips_rpc.cc b/src/ips_options/ips_rpc.cc index 7c3f27eb9..89b8b2985 100644 --- a/src/ips_options/ips_rpc.cc +++ b/src/ips_options/ips_rpc.cc @@ -257,7 +257,7 @@ public: { return DETECT; } public: - RpcCheckData data; + RpcCheckData data = {}; }; bool RpcModule::begin(const char*, int, SnortConfig*) diff --git a/src/ips_options/ips_sid.cc b/src/ips_options/ips_sid.cc index ef67f1c27..8695d6c46 100644 --- a/src/ips_options/ips_sid.cc +++ b/src/ips_options/ips_sid.cc @@ -55,7 +55,7 @@ public: { return DETECT; } public: - uint32_t sid; + uint32_t sid = 0; }; bool SidModule::set(const char*, Value& v, SnortConfig*) diff --git a/src/ips_options/ips_so.cc b/src/ips_options/ips_so.cc index f94702210..3467ecb85 100644 --- a/src/ips_options/ips_so.cc +++ b/src/ips_options/ips_so.cc @@ -143,8 +143,8 @@ public: public: string name; - bool relative_flag; - SnortConfig* cfg; + bool relative_flag = false; + SnortConfig* cfg = nullptr; }; bool SoModule::begin(const char*, int, SnortConfig* sc) diff --git a/src/ips_options/ips_target.cc b/src/ips_options/ips_target.cc index 68c54caa6..7481aa63e 100644 --- a/src/ips_options/ips_target.cc +++ b/src/ips_options/ips_target.cc @@ -55,7 +55,7 @@ public: { return DETECT; } public: - Target target; + Target target = Target::TARGET_NONE; }; bool TargetModule::set(const char*, Value& v, SnortConfig*) diff --git a/src/loggers/alert_csv.cc b/src/loggers/alert_csv.cc index 9ae5838ea..f223b1a2c 100644 --- a/src/loggers/alert_csv.cc +++ b/src/loggers/alert_csv.cc @@ -207,7 +207,7 @@ static void ff_eth_type(const Args& a) static void ff_flowstart_time(const Args& a) { if (a.pkt->flow) - TextLog_Print(csv_log, "%u", a.pkt->flow->flowstats.start_time.tv_sec); + TextLog_Print(csv_log, "%lu", a.pkt->flow->flowstats.start_time.tv_sec); } static void ff_gid(const Args& a) @@ -318,7 +318,7 @@ static void ff_rule(const Args& a) static void ff_seconds(const Args& a) { - TextLog_Print(csv_log, "%u", a.pkt->pkth->ts.tv_sec); + TextLog_Print(csv_log, "%lu", a.pkt->pkth->ts.tv_sec); } static void ff_server_bytes(const Args& a) @@ -525,8 +525,8 @@ public: { return GLOBAL; } public: - bool file; - size_t limit; + bool file = false; + size_t limit = 0; string sep; vector fields; }; @@ -543,7 +543,11 @@ bool CsvModule::set(const char*, Value& v, SnortConfig*) fields.clear(); while ( v.get_next_token(tok) ) - fields.emplace_back(csv_func[Parameter::index(csv_range, tok.c_str())]); + { + int i = Parameter::index(csv_range, tok.c_str()); + if ( i >= 0 ) + fields.emplace_back(csv_func[i]); + } } else if ( v.is("limit") ) @@ -571,7 +575,11 @@ bool CsvModule::begin(const char*, int, SnortConfig*) v.set_first_token(); while ( v.get_next_token(tok) ) - fields.emplace_back(csv_func[Parameter::index(csv_range, tok.c_str())]); + { + int i = Parameter::index(csv_range, tok.c_str()); + if ( i >= 0 ) + fields.emplace_back(csv_func[i]); + } } return true; } diff --git a/src/loggers/alert_fast.cc b/src/loggers/alert_fast.cc index 26a7befd0..7ffd70ee6 100644 --- a/src/loggers/alert_fast.cc +++ b/src/loggers/alert_fast.cc @@ -101,9 +101,9 @@ public: { return GLOBAL; } public: - size_t limit; - bool file; - bool packet; + size_t limit = 0; + bool file = false; + bool packet = false; }; bool FastModule::set(const char*, Value& v, SnortConfig*) diff --git a/src/loggers/alert_full.cc b/src/loggers/alert_full.cc index 65225603f..4de7f3712 100644 --- a/src/loggers/alert_full.cc +++ b/src/loggers/alert_full.cc @@ -87,8 +87,8 @@ public: { return GLOBAL; } public: - bool file; - size_t limit; + bool file = false; + size_t limit = 0; }; bool FullModule::set(const char*, Value& v, SnortConfig*) diff --git a/src/loggers/alert_json.cc b/src/loggers/alert_json.cc index cf7025300..41255f18e 100644 --- a/src/loggers/alert_json.cc +++ b/src/loggers/alert_json.cc @@ -262,7 +262,7 @@ static bool ff_flowstart_time(const Args& a) if (a.pkt->flow) { print_label(a, "flowstart_time"); - TextLog_Print(json_log, "%u", a.pkt->flow->flowstats.start_time.tv_sec); + TextLog_Print(json_log, "%lu", a.pkt->flow->flowstats.start_time.tv_sec); return true; } return false; @@ -433,7 +433,7 @@ static bool ff_rule(const Args& a) static bool ff_seconds(const Args& a) { print_label(a, "seconds"); - TextLog_Print(json_log, "%u", a.pkt->pkth->ts.tv_sec); + TextLog_Print(json_log, "%lu", a.pkt->pkth->ts.tv_sec); return true; } @@ -717,8 +717,8 @@ public: { return GLOBAL; } public: - bool file; - size_t limit; + bool file = false; + size_t limit = 0; string sep; vector fields; }; @@ -735,7 +735,11 @@ bool JsonModule::set(const char*, Value& v, SnortConfig*) fields.clear(); while ( v.get_next_token(tok) ) - fields.emplace_back(json_func[Parameter::index(json_range, tok.c_str())]); + { + int i = Parameter::index(json_range, tok.c_str()); + if ( i >= 0 ) + fields.emplace_back(json_func[i]); + } } else if ( v.is("limit") ) @@ -763,7 +767,11 @@ bool JsonModule::begin(const char*, int, SnortConfig*) v.set_first_token(); while ( v.get_next_token(tok) ) - fields.emplace_back(json_func[Parameter::index(json_range, tok.c_str())]); + { + int i = Parameter::index(json_range, tok.c_str()); + if ( i >= 0 ) + fields.emplace_back(json_func[i]); + } } return true; } diff --git a/src/loggers/alert_sf_socket.cc b/src/loggers/alert_sf_socket.cc index 92469fb22..9c15e4b4a 100644 --- a/src/loggers/alert_sf_socket.cc +++ b/src/loggers/alert_sf_socket.cc @@ -38,6 +38,7 @@ #include "protocols/packet.h" #include "target_based/snort_protocols.h" #include "utils/util.h" +#include "utils/util_cstring.h" using namespace snort; using namespace std; @@ -105,7 +106,7 @@ public: public: string file; RuleVector rulez; - RuleId rule; + RuleId rule = {}; }; bool SfSocketModule::set(const char*, Value& v, SnortConfig*) @@ -173,7 +174,7 @@ static void sock_init(const char* args) memset(&context.addr, 0, sizeof(context.addr)); context.addr.sun_family = AF_UNIX; - memcpy(context.addr.sun_path + 1, name.c_str(), strlen(name.c_str())); + SnortStrncpy(context.addr.sun_path, name.c_str(), sizeof(context.addr.sun_path)); if (AlertSFSocket_Connect() == 0) context.connected = 1; diff --git a/src/loggers/alert_syslog.cc b/src/loggers/alert_syslog.cc index 3f7fd0ee7..1cc4f88ed 100644 --- a/src/loggers/alert_syslog.cc +++ b/src/loggers/alert_syslog.cc @@ -151,9 +151,9 @@ public: { return GLOBAL; } public: - int facility; - int level; - int options; + int facility = 0; + int level = 0; + int options = 0; }; bool SyslogModule::set(const char*, Value& v, SnortConfig*) diff --git a/src/loggers/alert_unixsock.cc b/src/loggers/alert_unixsock.cc index bbe25d291..c20834853 100644 --- a/src/loggers/alert_unixsock.cc +++ b/src/loggers/alert_unixsock.cc @@ -31,6 +31,7 @@ #include "log/messages.h" #include "protocols/packet.h" #include "utils/util.h" +#include "utils/util_cstring.h" using namespace snort; @@ -212,7 +213,7 @@ static void OpenAlertSock() us.addr.sun_family = AF_UNIX; /* copy path over and preserve a null byte at the end */ - strncpy(us.addr.sun_path, name.c_str(), sizeof(us.addr.sun_path)-1); + SnortStrncpy(us.addr.sun_path, name.c_str(), sizeof(us.addr.sun_path)); if ( (us.socket = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0 ) FatalError("socket() call failed: %s", get_error(errno)); diff --git a/src/loggers/log_codecs.cc b/src/loggers/log_codecs.cc index 67814976a..aac88c176 100644 --- a/src/loggers/log_codecs.cc +++ b/src/loggers/log_codecs.cc @@ -71,8 +71,8 @@ public: { return GLOBAL; } public: - bool print_to_file; - uint8_t flags; + bool print_to_file = false; + uint8_t flags = 0; }; } // namespace diff --git a/src/loggers/log_hext.cc b/src/loggers/log_hext.cc index 0dd4c6ef0..eea98a901 100644 --- a/src/loggers/log_hext.cc +++ b/src/loggers/log_hext.cc @@ -82,7 +82,7 @@ void DaqMessageEventHandler::handle(DataEvent& event, Flow*) int vlan_tag = fs->vlan_tag == 0xfff ? 0 : fs->vlan_tag; TextLog_Print(hext_log, - "\n$%s %d %d %d %d %s %d %s %d %d %d %d %d %d %d %d %d %d %d %d %d %d\n", + "\n$%s %d %d %d %d %s %d %s %d %u %lu %lu %lu %lu %lu %lu %d %lu %lu %d %d %d\n", cmd, fs->ingressZone, fs->egressZone, @@ -196,10 +196,10 @@ public: { return GLOBAL; } public: - bool file; - bool raw; - size_t limit; - unsigned width; + bool file = false; + bool raw = false; + size_t limit = 0; + unsigned width = 20; }; bool HextModule::set(const char*, Value& v, SnortConfig*) diff --git a/src/loggers/log_pcap.cc b/src/loggers/log_pcap.cc index ccdc1791c..55a5569b7 100644 --- a/src/loggers/log_pcap.cc +++ b/src/loggers/log_pcap.cc @@ -96,7 +96,7 @@ public: { return GLOBAL; } public: - size_t limit; + size_t limit = 0; }; bool TcpdumpModule::set(const char*, Value& v, SnortConfig*) diff --git a/src/loggers/unified2.cc b/src/loggers/unified2.cc index 29cbee71d..940a8e452 100644 --- a/src/loggers/unified2.cc +++ b/src/loggers/unified2.cc @@ -335,7 +335,7 @@ static void _Unified2LogPacketAlert( unsigned u2_type, U2PseudoHeader* u2h = nullptr) { Serial_Unified2_Header hdr; - Serial_Unified2Packet logheader; + Serial_Unified2Packet logheader = {}; uint32_t pkt_length = 0; uint32_t write_len = sizeof(hdr) + sizeof(Serial_Unified2Packet) - 4; @@ -817,9 +817,9 @@ public: { return GLOBAL; } public: - size_t limit; - bool nostamp; - bool legacy_events; + size_t limit = 0; + bool nostamp = true; + bool legacy_events = false; }; bool U2Module::set(const char*, Value& v, SnortConfig*) diff --git a/src/main/control_mgmt.cc b/src/main/control_mgmt.cc index f2791280e..fabb4f8d5 100644 --- a/src/main/control_mgmt.cc +++ b/src/main/control_mgmt.cc @@ -36,6 +36,7 @@ #include "control.h" #include "request.h" #include "snort_config.h" +#include "utils/util_cstring.h" using namespace snort; using namespace std; @@ -460,7 +461,7 @@ int ControlMgmt::setup_socket_family() memset(&unix_addr, 0, sizeof(unix_addr)); unix_addr.sun_family = AF_UNIX; - strncpy(unix_addr.sun_path, fullpath.c_str(), sizeof(unix_addr.sun_path)-1); + SnortStrncpy(unix_addr.sun_path, fullpath.c_str(), sizeof(unix_addr.sun_path)); sock_addr = (struct sockaddr*)&unix_addr; sock_addr_size = sizeof(unix_addr); unlink(fullpath.c_str()); diff --git a/src/managers/so_manager.cc b/src/managers/so_manager.cc index f2eeec4a9..1dc4e16dd 100644 --- a/src/managers/so_manager.cc +++ b/src/managers/so_manager.cc @@ -296,6 +296,7 @@ void SoManager::rule_to_hex(const char*) const unsigned hex_per_row = 16; + std::ios_base::fmtflags f(cout.flags()); cout << "static const uint8_t rule_" << var; cout << "[] =" << endl; cout << "{" << endl << " "; @@ -316,6 +317,7 @@ void SoManager::rule_to_hex(const char*) cout << "};" << endl; cout << "static const unsigned rule_" << var << "_len = "; cout << data.size() << ";" << endl; + cout.flags(f); } void SoManager::rule_to_text(const char* delim) diff --git a/src/network_inspectors/perf_monitor/cpu_tracker.h b/src/network_inspectors/perf_monitor/cpu_tracker.h index e44881583..f28e86f52 100644 --- a/src/network_inspectors/perf_monitor/cpu_tracker.h +++ b/src/network_inspectors/perf_monitor/cpu_tracker.h @@ -37,9 +37,9 @@ protected: private: //19 bits for microseconds //45 bits for seconds (out to year 1116918) - uint64_t last_wt; - uint64_t last_ut; - uint64_t last_st; + uint64_t last_wt = 0; + uint64_t last_ut = 0; + uint64_t last_st = 0; PegCount user_stat; PegCount system_stat; diff --git a/src/network_inspectors/perf_monitor/flow_ip_tracker.cc b/src/network_inspectors/perf_monitor/flow_ip_tracker.cc index 9a4d0c5ac..94f568284 100644 --- a/src/network_inspectors/perf_monitor/flow_ip_tracker.cc +++ b/src/network_inspectors/perf_monitor/flow_ip_tracker.cc @@ -129,6 +129,7 @@ FlowIPTracker::FlowIPTracker(PerfConfig* perf) : PerfTracker(perf, TRACKER_NAME) formatter->register_field("udp_created", (PegCount*) &stats.state_changes[SFS_STATE_UDP_CREATED]); formatter->finalize_fields(); + stats.total_packets = stats.total_bytes = 0; memcap = perf->flowip_memcap; ip_map = new XHash(DEFAULT_XHASH_NROWS, sizeof(FlowStateKey), sizeof(FlowStateValue), memcap); diff --git a/src/network_inspectors/perf_monitor/perf_tracker.h b/src/network_inspectors/perf_monitor/perf_tracker.h index 168628748..0a0f814de 100644 --- a/src/network_inspectors/perf_monitor/perf_tracker.h +++ b/src/network_inspectors/perf_monitor/perf_tracker.h @@ -73,13 +73,13 @@ protected: virtual void write(); uint64_t max_file_size = 0; - PerfFormatter* formatter; + PerfFormatter* formatter = nullptr; private: std::string fname; std::string tracker_name; FILE* fh = nullptr; - time_t cur_time; + time_t cur_time = 0; }; #endif