From: jason taylor Date: Thu, 17 Oct 2019 00:26:51 +0000 (-0400) Subject: conf: add value checks for datasets hash/prealloc X-Git-Tag: suricata-5.0.3~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73bf285f7e79f8aac0acd49067cf2f6a13f4d64c;p=thirdparty%2Fsuricata.git conf: add value checks for datasets hash/prealloc Signed-off-by: jason taylor --- diff --git a/src/util-thash.c b/src/util-thash.c index 90a4ead794..f5c9db145c 100644 --- a/src/util-thash.c +++ b/src/util-thash.c @@ -204,6 +204,17 @@ static void THashDataFree(THashTableContext *ctx, THashData *h) #define GET_VAR(prefix,name) \ snprintf(varname, sizeof(varname), "%s.%s", (prefix), (name)) +static void THashConfigValidate(const char *confvalue, const char *varname) +{ + for (size_t i = 0; i < strlen(confvalue); i++) { + if (!isdigit(confvalue[i])) { + FatalError(SC_ERR_SIZE_PARSE, "Error parsing %s " + "from key %s. Killing Engine", + confvalue, varname); + } + } +} + /** \brief initialize the configuration * \warning Not thread safe */ static void THashInitConfig(THashTableContext *ctx, const char *cnf_prefix) @@ -230,6 +241,9 @@ static void THashInitConfig(THashTableContext *ctx, const char *cnf_prefix) GET_VAR(cnf_prefix, "hash-size"); if ((ConfGet(varname, &conf_val)) == 1) { + /* validate hash-size value is a numerical value */ + THashConfigValidate(conf_val, varname); + if (ByteExtractStringUint32(&configval, 10, strlen(conf_val), conf_val) > 0) { ctx->config.hash_size = configval; @@ -239,6 +253,9 @@ static void THashInitConfig(THashTableContext *ctx, const char *cnf_prefix) GET_VAR(cnf_prefix, "prealloc"); if ((ConfGet(varname, &conf_val)) == 1) { + /* validate prealloc value is a numerical value */ + THashConfigValidate(conf_val, varname); + if (ByteExtractStringUint32(&configval, 10, strlen(conf_val), conf_val) > 0) { ctx->config.prealloc = configval;