From: Jeff Lucovsky Date: Sat, 9 Mar 2019 15:28:27 +0000 (-0800) Subject: Fix memory leak with TOS handling X-Git-Tag: suricata-5.0.0-beta1~145 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6123d7752746a2db828cbb07552d75568e208a75;p=thirdparty%2Fsuricata.git Fix memory leak with TOS handling Use `pcre_copy_substring` to avoid memory allocations when parsing TOS values. --- diff --git a/src/detect-tos.c b/src/detect-tos.c index c6ccb9bd10..4f6c2339f0 100644 --- a/src/detect-tos.c +++ b/src/detect-tos.c @@ -121,31 +121,33 @@ static DetectTosData *DetectTosParse(const char *arg, bool negate) goto error; } - const char *str_ptr; - res = pcre_get_substring((char *)arg, ov, MAX_SUBSTRINGS, 1, - &str_ptr); + /* For TOS value */ + char tosbytes_str[64] = ""; + res = pcre_copy_substring((char *)arg, ov, MAX_SUBSTRINGS, 1, + tosbytes_str, sizeof(tosbytes_str)); if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed"); + SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed"); goto error; } int64_t tos = 0; - if (*str_ptr == 'x' || *str_ptr == 'X') { - int r = ByteExtractStringSigned(&tos, 16, 0, str_ptr + 1); + if (tosbytes_str[0] == 'x' || tosbytes_str[0] == 'X') { + int r = ByteExtractStringSigned(&tos, 16, 0, &tosbytes_str[1]); if (r < 0) { goto error; } } else { - int r = ByteExtractStringSigned(&tos, 10, 0, str_ptr); + int r = ByteExtractStringSigned(&tos, 10, 0, &tosbytes_str[0]); if (r < 0) { goto error; } } + if (!(tos >= DETECT_IPTOS_MIN && tos <= DETECT_IPTOS_MAX)) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid tos argument - " "%s. The tos option value must be in the range " - "%u - %u", str_ptr, DETECT_IPTOS_MIN, DETECT_IPTOS_MAX); + "%u - %u", tosbytes_str, DETECT_IPTOS_MIN, DETECT_IPTOS_MAX); goto error; }