From: Maya Dagon (mdagon) Date: Fri, 27 Oct 2023 10:00:40 +0000 (+0000) Subject: Pull request #4070: src: fix coverity warnings X-Git-Tag: 3.1.74.0~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=388d04845790054b6cea41c3ec9c26666e073bdd;p=thirdparty%2Fsnort3.git Pull request #4070: src: fix coverity warnings Merge in SNORT/snort3 from ~MDAGON/snort3:coverity to master Squashed commit of the following: commit 5085ae69eeeb397398e4e72704ab917a65c1c178 Author: maya dagon Date: Fri Oct 20 12:12:41 2023 -0400 src: fix coverity warnings --- diff --git a/src/actions/actions.cc b/src/actions/actions.cc index 9320e8a59..64a129b31 100644 --- a/src/actions/actions.cc +++ b/src/actions/actions.cc @@ -55,7 +55,7 @@ void Actions::alert(Packet* p, const OptTreeNode* otn) /* Call OptTreeNode specific output functions */ if (otn->outputFuncs) { - ListHead lh; // FIXIT-L use of ListHead for CallLogFuncs() is a little unwieldy here + ListHead lh = {}; // FIXIT-L use of ListHead for CallLogFuncs() is a little unwieldy here lh.LogList = otn->outputFuncs; CallLogFuncs(p, otn, &lh); } diff --git a/src/detection/fp_create.cc b/src/detection/fp_create.cc index cca11ef03..7cbccf92c 100644 --- a/src/detection/fp_create.cc +++ b/src/detection/fp_create.cc @@ -245,7 +245,7 @@ static int otn_create_tree(OptTreeNode* otn, void** existing_tree, Mpse::MpseTyp child->evaluate = opt_fp->OptTestFunc; child->num_children++; child->children = (detection_option_tree_node_t**) - snort_calloc(child->num_children, sizeof(child->children)); + snort_calloc(child->num_children, sizeof(detection_option_tree_node_t*)); child->is_relative = opt_fp->isRelative; bud->num_children++; diff --git a/src/main/snort_config.cc b/src/main/snort_config.cc index 06fa37c82..135665322 100644 --- a/src/main/snort_config.cc +++ b/src/main/snort_config.cc @@ -852,7 +852,8 @@ void SnortConfig::set_tunnel_verdicts(const char* args) else { - ParseError("unknown tunnel bypass protocol"); + ParseError("unknown tunnel bypass protocol %s", tok); + snort_free(tmp); return; } diff --git a/src/service_inspectors/wizard/hexes.cc b/src/service_inspectors/wizard/hexes.cc index 8bee72b15..2201fd0b9 100644 --- a/src/service_inspectors/wizard/hexes.cc +++ b/src/service_inspectors/wizard/hexes.cc @@ -132,8 +132,7 @@ bool HexBook::add_spell(const char* key, const char*& val, ArcaneType proto) if ( c == WILD and p->any ) p = p->any; - - else if ( p->next[c] ) + else if ( c != WILD and p->next[c] ) p = p->next[c]; else diff --git a/src/stream/stream.cc b/src/stream/stream.cc index 434144d01..19f67e2a7 100644 --- a/src/stream/stream.cc +++ b/src/stream/stream.cc @@ -232,7 +232,8 @@ void Stream::check_flow_closed(Packet* p) if ( !(p->packet_flags & PKT_STATELESS) ) { drop_traffic(p, SSN_DIR_BOTH); - p->active->set_drop_reason("stream"); + if (p->active) + p->active->set_drop_reason("stream"); if (PacketTracer::is_active()) PacketTracer::log("Stream: pending block, drop\n"); } diff --git a/tools/snort2lua/helpers/converter.cc b/tools/snort2lua/helpers/converter.cc index d2d5a42f2..16a6e7ac4 100644 --- a/tools/snort2lua/helpers/converter.cc +++ b/tools/snort2lua/helpers/converter.cc @@ -235,7 +235,8 @@ int Converter::parse_file( std::size_t first_non_white_char = tmp.find_first_not_of(" \f\n\r\t\v"); std::size_t last_non_space = tmp.find_last_not_of(' '); - bool comment = (tmp[first_non_white_char] == '#') or (tmp[first_non_white_char] == ';'); + bool comment = (first_non_white_char != std::string::npos) and ((tmp[first_non_white_char] == '#') or + (tmp[first_non_white_char] == ';')); bool commented_rule = tmp.substr(0, 7) == "# alert"; if ( !commented_rule && ((first_non_white_char == std::string::npos) || comment) )