diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-05-29 19:24:00 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-29 19:24:00 +0200 |
| commit | efb261a95c5a81ddb148f205d74eab3714155f0d (patch) | |
| tree | 94ffe1907720e93087c3518bf1729032d13e1b84 /src/lib | |
| parent | 346bb268e22e190e79b16091817d5178a608d4a0 (diff) | |
Fix some memory errors triggered by allocation failures (#1995)
Some low hanging fruits found using nallocfuzz.
See: https://github.com/catenacyber/nallocfuzz
See: https://github.com/google/oss-fuzz/pull/9902
Most of these errors are quite trivial to fix; the only exception is the
stuff in the uthash.
If the insertion fails (because of an allocation failure), we need to
avoid some memory leaks. But the only way to check if the `HASH_ADD_*`
failed, is to perform a new lookup: a bit costly, but we don't use that
code in any critical data-path.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/ndpi_main.c | 13 | ||||
| -rw-r--r-- | src/lib/ndpi_utils.c | 9 | ||||
| -rw-r--r-- | src/lib/third_party/include/uthash.h | 2 |
3 files changed, 22 insertions, 2 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 9776b0b02..7a5de852f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2509,6 +2509,9 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp u_int16_t port = 0; /* Format ip:8.248.73.247:443 */ char *double_column; + if(!ndpi_str->protocols_ptree) + return(-1); + if(ptr) { ptr[0] = '\0'; ptr++; @@ -3674,6 +3677,9 @@ int ndpi_add_ip_risk_mask(struct ndpi_detection_module_struct *ndpi_str, char *ip, ndpi_risk mask) { char *saveptr, *addr = strtok_r(ip, "/", &saveptr); + if(!ndpi_str->ip_risk_mask_ptree) + return(-3); + if(addr) { char *cidr = strtok_r(NULL, "\n", &saveptr); struct in_addr pin; @@ -6483,6 +6489,9 @@ int ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_str, char *ptr; char ipbuf[64]; + if(!ndpi_str->custom_categories.ipAddresses_shadow) + return(-1); + strncpy(ipbuf, ip_address_and_mask, sizeof(ipbuf)); ipbuf[sizeof(ipbuf) - 1] = '\0'; @@ -6618,7 +6627,9 @@ int ndpi_fill_ip_protocol_category(struct ndpi_detection_module_struct *ndpi_str ret->custom_category_userdata = NULL; - if(ndpi_str->custom_categories.categories_loaded) { + if(ndpi_str->custom_categories.categories_loaded && + ndpi_str->custom_categories.ipAddresses) { + ndpi_prefix_t prefix; ndpi_patricia_node_t *node; diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index dfdca923a..0199d6424 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -2288,6 +2288,7 @@ int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, void *va { struct ndpi_str_hash_private **h_priv = (struct ndpi_str_hash_private **)h; struct ndpi_str_hash_private *new = ndpi_calloc(1, sizeof(*new)); + struct ndpi_str_hash_private *found; unsigned int hash_value; if (new == NULL) @@ -2299,6 +2300,14 @@ int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, void *va new->hash = hash_value; new->value = value; HASH_ADD_INT(*h_priv, hash, new); + + HASH_FIND_INT(*h_priv, &hash_value, found); + if (found == NULL) /* The insertion failed (because of a memory allocation error) */ + { + ndpi_free(new); + return 1; + } + return 0; } diff --git a/src/lib/third_party/include/uthash.h b/src/lib/third_party/include/uthash.h index b7dfe4d3b..7cf305d41 100644 --- a/src/lib/third_party/include/uthash.h +++ b/src/lib/third_party/include/uthash.h @@ -101,7 +101,7 @@ do { #endif #ifndef HASH_NONFATAL_OOM -#define HASH_NONFATAL_OOM 0 +#define HASH_NONFATAL_OOM 1 #endif #if HASH_NONFATAL_OOM |