From: Victor Julien <victor@inliniac.net>
Date: Mon, 2 Dec 2013 19:34:39 +0000 (+0100)
Subject: Don't use strdup in ip-only address parsing
X-Git-Tag: suricata-2.0beta2~94
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=941d5a108151f42b401b9e4d0cf9394f997c7f9e;p=thirdparty%2Fsuricata.git

Don't use strdup in ip-only address parsing
---

diff --git a/src/detect-engine-iponly.c b/src/detect-engine-iponly.c
index 55a280fb74..6f8fc24018 100644
--- a/src/detect-engine-iponly.c
+++ b/src/detect-engine-iponly.c
@@ -103,19 +103,17 @@ static uint8_t IPOnlyCIDRItemCompare(IPOnlyCIDRItem *head,
  */
 static int IPOnlyCIDRItemParseSingle(IPOnlyCIDRItem *dd, char *str)
 {
-    char *ip = NULL;
-    char *ip2 = NULL;
+    char buf[256] = "";
+    char *ip = NULL, *ip2 = NULL;
     char *mask = NULL;
     int r = 0;
 
     while (*str != '\0' && *str == ' ')
         str++;
 
-    char *ipdup = SCStrdup(str);
-
-    if (unlikely(ipdup == NULL))
-        return -1;
     SCLogDebug("str %s", str);
+    strlcpy(buf, str, sizeof(buf));
+    ip = buf;
 
     /* first handle 'any' */
     if (strcasecmp(str, "any") == 0) {
@@ -132,15 +130,10 @@ static int IPOnlyCIDRItemParseSingle(IPOnlyCIDRItem *dd, char *str)
         IPOnlyCIDRItemParseSingle(dd->next, "::/0");
         BUG_ON(dd->family == 0);
 
-        SCFree(ipdup);
-
         SCLogDebug("address is \'any\'");
         return 0;
     }
 
-    /* we dup so we can put a nul-termination in it later */
-    ip = ipdup;
-
     /* handle the negation case */
     if (ip[0] == '!') {
         dd->negated = (dd->negated)? 0 : 1;
@@ -279,14 +272,10 @@ static int IPOnlyCIDRItemParseSingle(IPOnlyCIDRItem *dd, char *str)
 
     }
 
-    SCFree(ipdup);
-
     BUG_ON(dd->family == 0);
     return 0;
 
 error:
-    if (ipdup)
-        SCFree(ipdup);
     return -1;
 }