From: Wolfgang Hotwagner <code@feedyourhead.at>
Date: Mon, 18 Dec 2017 14:49:38 +0000 (+0000)
Subject: Conf: Multipe NULL-pointer dereferences in PostConfLoadedSetup
X-Git-Tag: suricata-4.1.0-beta1~451
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9d1f07c021da8ebc01054773ca45444af5a11bb4;p=thirdparty%2Fsuricata.git

Conf: Multipe NULL-pointer dereferences in PostConfLoadedSetup

Multiple NULL-pointer dereferences after ConfGet in PostConfLoadedSetup can cause suricata to terminate with segfaults. The ASAN-output:

ASAN:DEADLYSIGNAL =================================================================
5734ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f1a9a3967cc bp 0x7ffdff033ad0 sp 0x7ffdff033250 T0)
 0 0x7f1a9a3967cb (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x447cb)
 1 0x55ba65f66f27 in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2652
 2 0x55ba65f6870e in main /root/suricata-1/src/suricata.c:2898
 3 0x7f1a96aeb2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
 4 0x55ba65af9039 in _start (/usr/local/bin/suricata+0xc8039)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x447cb)

This commit fixes Bug #2370 by replacing ConfGet by ConfGetValue
---

diff --git a/src/suricata.c b/src/suricata.c
index 50690df9c7..70db2432e8 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2610,7 +2610,7 @@ static int PostConfLoadedSetup(SCInstance *suri)
 
     if (suri->checksum_validation == -1) {
         const char *cv = NULL;
-        if (ConfGet("capture.checksum-validation", &cv) == 1) {
+        if (ConfGetValue("capture.checksum-validation", &cv) == 1) {
             if (strcmp(cv, "none") == 0) {
                 suri->checksum_validation = 0;
             } else if (strcmp(cv, "all") == 0) {
@@ -2648,7 +2648,7 @@ static int PostConfLoadedSetup(SCInstance *suri)
         SCReturnInt(TM_ECODE_FAILED);
     }
 
-    if (ConfGet("host-mode", &hostmode) == 1) {
+    if (ConfGetValue("host-mode", &hostmode) == 1) {
         if (!strcmp(hostmode, "router")) {
             host_mode = SURI_HOST_IS_ROUTER;
         } else if (!strcmp(hostmode, "sniffer-only")) {