From: Masud Hasan (mashasan) Date: Tue, 12 May 2020 20:29:23 +0000 (+0000) Subject: Merge pull request #2208 in SNORT/snort3 from ~MASHASAN/snort3:coverity_fixes to... X-Git-Tag: 3.0.1-4~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ad1b7a41a3732b8d2a8d203f6cfe047616458c5;p=thirdparty%2Fsnort3.git Merge pull request #2208 in SNORT/snort3 from ~MASHASAN/snort3:coverity_fixes to master Squashed commit of the following: commit 5847f19f97b1ffbc82f969af25f09402a723fba6 Author: Masud Hasan Date: Mon May 11 19:42:35 2020 -0400 main: Fixing some issues reported by Coverity --- diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc index 5c4a7b66c..c2cd39392 100644 --- a/src/main/analyzer.cc +++ b/src/main/analyzer.cc @@ -342,7 +342,7 @@ void Analyzer::post_process_daq_pkt_msg(Packet* p) } else if (p->active->is_packet_held() and Stream::set_packet_action_to_hold(p)) { - if (p->flow and p->flow->flags.trigger_detained_packet_event) + if (p->flow->flags.trigger_detained_packet_event) DataBus::publish(DETAINED_PACKET_EVENT, p); } else diff --git a/src/main/control_mgmt.cc b/src/main/control_mgmt.cc index cbe2a20ec..f2791280e 100644 --- a/src/main/control_mgmt.cc +++ b/src/main/control_mgmt.cc @@ -148,7 +148,8 @@ int ControlMgmt::socket_init() // FIXIT-M want to disable time wait int on = 1; - setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); + if (setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) + FatalError("setsockopt() call failed: %s", get_error(errno)); if (::bind(listener, sock_addr, sock_addr_size) < 0) FatalError("bind failed: %s\n", get_error(errno)); diff --git a/src/main/modules.cc b/src/main/modules.cc index 8ecf11bd3..8829d7f8c 100644 --- a/src/main/modules.cc +++ b/src/main/modules.cc @@ -1007,9 +1007,6 @@ static const Parameter network_params[] = "all | ip | noip | tcp | notcp | udp | noudp | icmp | noicmp | none", "all", "checksums to verify" }, - { "decode_drops", Parameter::PT_BOOL, nullptr, "false", - "enable dropping of packets by the decoder" }, - { "id", Parameter::PT_INT, "0:65535", "0", "correlate unified2 events with configuration" }, @@ -1057,9 +1054,6 @@ bool NetworkModule::set(const char*, Value& v, SnortConfig* sc) else if ( v.is("checksum_eval") ) ConfigChecksumMode(v.get_string()); - else if ( v.is("decode_drops") ) - p->decoder_drop = v.get_bool(); - else if ( v.is("id") ) { p->user_policy_id = v.get_uint16(); diff --git a/src/main/policy.cc b/src/main/policy.cc index 2cefa7983..60821a7a6 100644 --- a/src/main/policy.cc +++ b/src/main/policy.cc @@ -81,6 +81,8 @@ void InspectionPolicy::init(InspectionPolicy* other_inspection_policy) { framework_policy = nullptr; cloned = false; + if (other_inspection_policy) + policy_id = other_inspection_policy->policy_id; InspectorManager::new_policy(this, other_inspection_policy); } diff --git a/src/main/policy.h b/src/main/policy.h index 2a8a1ac7b..b7269712e 100644 --- a/src/main/policy.h +++ b/src/main/policy.h @@ -98,8 +98,6 @@ public: uint32_t checksum_eval; uint32_t checksum_drop; uint32_t normal_mask; - - bool decoder_drop; }; //------------------------------------------------------------------------- @@ -117,7 +115,7 @@ public: void clone_dbus(snort::SnortConfig*, const char*); public: - PolicyId policy_id; + PolicyId policy_id = 0; PolicyMode policy_mode = POLICY_MODE__MAX; uint32_t user_policy_id = 0; uuid_t uuid{}; diff --git a/src/stream/ip/ip_defrag.cc b/src/stream/ip/ip_defrag.cc index 38b235e79..77481ddb2 100644 --- a/src/stream/ip/ip_defrag.cc +++ b/src/stream/ip/ip_defrag.cc @@ -1077,7 +1077,8 @@ int Defrag::insert(Packet* p, FragTracker* ft, FragEngine* fe) if (p->is_ip6() && (net_frag_offset == 0)) { const ip::IP6Frag* const fragHdr = layer::get_inner_ip6_frag(); - ft->ip_proto = fragHdr->ip6f_nxt; + if (fragHdr) + ft->ip_proto = fragHdr->ip6f_nxt; } /* diff --git a/src/stream/user/user_session.cc b/src/stream/user/user_session.cc index 961f08927..2a312aa95 100644 --- a/src/stream/user/user_session.cc +++ b/src/stream/user/user_session.cc @@ -492,7 +492,7 @@ int UserSession::process(Packet* p) UserTracker& ut = p->is_from_client() ? server : client; - if ( p->ptrs.decode_flags & DECODE_SOF or !ut.splitter ) + if ( !ut.splitter or p->ptrs.decode_flags & DECODE_SOF ) start(p, flow); if ( p->data && p->dsize )