From: Wolfgang Hotwagner Date: Sun, 19 Nov 2017 14:05:04 +0000 (+0000) Subject: conf: fix NULL-pointer dereference in CoredumpLoadConfig X-Git-Tag: suricata-4.0.2~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cb70d85c692df3e96495fa427429782add092d4d;p=thirdparty%2Fsuricata.git conf: fix NULL-pointer dereference in CoredumpLoadConfig An empty value for coredump.max-dump in the config-file leads to a segfault because of a NULL-pointer dereference in CoredumpLoadConfig(). Here is a configuration example: coredump.max-dump: [] This lets suricata crash with a segfault: ASAN-output: ==9412==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f22e851aa28 bp 0x7ffd90006fc0 sp 0x7ffd90006740 T0) 0 0x7f22e851aa27 in strcasecmp (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x51a27) 1 0x5608a7ec0108 in CoredumpLoadConfig /root/suricata-1/src/util-coredump-config.c:52 2 0x5608a7e8bb22 in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2752 3 0x5608a7e8c577 in main /root/suricata-1/src/suricata.c:2892 4 0x7f22e4c622b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) 5 0x5608a7a30c59 in _start (/usr/local/bin/suricata+0xc4c59) Bug #2276 --- diff --git a/src/util-coredump-config.c b/src/util-coredump-config.c index a88b3f32be..3f1da66aaf 100644 --- a/src/util-coredump-config.c +++ b/src/util-coredump-config.c @@ -49,6 +49,10 @@ int32_t CoredumpLoadConfig (void) SCLogDebug ("core dump size not specified"); return 1; } + if (dump_size_config == NULL) { + SCLogError (SC_ERR_INVALID_YAML_CONF_ENTRY, "malformed value for coredump.max-dump: NULL"); + return 0; + } if (strcasecmp (dump_size_config, "unlimited") == 0) { unlimited = 1; }
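Review bot: The error text in the new `dump_size_config == NULL` branch, "malformed value for coredump.max-dump: NULL", gives the operator little to act on; the commit message's reproducer is `coredump.max-dump: []`, an empty YAML sequence, so a message saying the value is empty or not a scalar string would point directly at the config mistake. The new branch returns 0 while the "core dump size not specified" branch just above it returns 1, so it is worth confirming that the caller (PostConfLoadedSetup in the ASAN trace) checks the return value; otherwise the malformed entry is only logged and startup continues as if nothing were wrong. A unit test that loads the reproducer config and asserts the 0 return would keep this from regressing.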