From: Wolfgang Hotwagner
Date: Sun, 17 Dec 2017 22:15:27 +0000 (+0000)
Subject: Conf: Multiple NULL-pointer dereferences after ConfGetBool in StreamTcpInitConfig
X-Git-Tag: suricata-4.1.0-beta1~452
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a463910ff2be7122d8995eb9624856bfce2d0276;p=thirdparty%2Fsuricata.git

Conf: Multiple NULL-pointer dereferences after ConfGetBool in StreamTcpInitConfig

There are multiple NULL-pointer dereferences after calling ConfGetBool in
StreamTcpInitConfig. ConfGetBool calls ConfGet which doesn't check the
vptr-argument.

This is a sample ASAN-output:

==1453==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f2969b83a28 bp 0x7ffdbf613a90 sp 0x7ffdbf613210 T0)
    #0 0x7f2969b83a27 in strcasecmp (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x51a27)
    #1 0x564185accefd in ConfValIsTrue /root/suricata-1/src/conf.c:559
    #2 0x564185accb4f in ConfGetBool /root/suricata-1/src/conf.c:512
    #3 0x564185dcbe05 in StreamTcpInitConfig /root/suricata-1/src/stream-tcp.c:381
    #4 0x564185e21a88 in PreRunInit /root/suricata-1/src/suricata.c:2264
    #5 0x564185e24d2c in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2763
    #6 0x564185e2570e in main /root/suricata-1/src/suricata.c:2898
    #7 0x7f29662cb2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #8 0x5641859b6039 in _start (/usr/local/bin/suricata+0xc8039)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x51a27) in strcasecmp
==1453==ABORTING

This commit replaces ConfGet by ConfGetValue in ConfGetBool. This not only
fixes Bug #2368 but might also fix others.
---

diff --git a/src/conf.c b/src/conf.c index dfd2410df7..5ea30fc603 100644 --- a/src/conf.c +++ b/src/conf.c @@ -506,7 +506,7 @@ int ConfGetBool(const char *name, int *val) const char *strval = NULL; *val = 0; - if (ConfGet(name, &strval) != 1) + if (ConfGetValue(name, &strval) != 1) return 0; *val = ConfValIsTrue(strval);
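
Review bot: In the changed condition in ConfGetBool, strval is still passed to ConfValIsTrue with no NULL check of its own, so the fix depends entirely on ConfGetValue never returning 1 while leaving strval NULL. The ASAN trace in the commit message shows the fault is strcasecmp inside ConfValIsTrue (conf.c:559), so consider guarding there as well, or extending the test to `if (ConfGetValue(name, &strval) != 1 || strval == NULL)`, so the helper stays safe whichever getter feeds it. The message also says ConfGet itself is left unchanged, so other callers that hand its result to string functions deserve the same audit, and a unit test that drives ConfGetBool with the configuration that produced this trace would keep the bug from returning.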