From: Wolfgang Hotwagner <code@feedyourhead.at>
Date: Fri, 8 Dec 2017 21:39:11 +0000 (+0000)
Subject: conf: NULL-pointer dereference in ConfUnixSocketIsEnable
X-Git-Tag: suricata-4.0.4~58
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d747d566cc84489266095214a73bf707a1b78d4c;p=thirdparty%2Fsuricata.git

conf: NULL-pointer dereference in ConfUnixSocketIsEnable

The value for the configuration-option "unix-command.enabled" is not properly checked in ConfUnixSocketIsEnable. This causes a NULL-pointer dereference in strcmp. This commit fixes bug #2346. The ASAN-output looks like:

ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f03b69737cc bp 0x7ffcef322c10 sp 0x7ffcef322390 T0)
0 0x7f03b69737cb (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x447cb)
1 0x5617a76d3f55 in ConfUnixSocketIsEnable /root/suricata-1/src/util-conf.c:104
2 0x5617a741b6e7 in DetectEngineMultiTenantSetup /root/suricata-1/src/detect-engine.c:2447
3 0x5617a769e0c3 in PostConfLoadedDetectSetup /root/suricata-1/src/suricata.c:2527
4 0x5617a76a0424 in main /root/suricata-1/src/suricata.c:2887
5 0x7f03b30c82b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
6 0x5617a72411a9 in _start (/usr/local/bin/suricata+0xc51a9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x447cb
---

diff --git a/src/util-conf.c b/src/util-conf.c
index 8cec65ed24..212be9d7a8 100644
--- a/src/util-conf.c
+++ b/src/util-conf.c
@@ -101,6 +101,11 @@ int ConfUnixSocketIsEnable(void)
         return 0;
     }
 
+    if (value == NULL) {
+        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "malformed value for unix-command.enabled: NULL");
+        return 0;
+    }
+
     if (!strcmp(value, "auto")) {
 #ifdef HAVE_LIBJANSSON
 #ifdef OS_WIN32