detect/reference: guard SCStrdup calls in DetectReferenceParse

Two SCStrdup calls that set ref->key had no NULL check. On allocation
failure the pointer would be used immediately, causing a NULL dereference.
pull/15601/head
Denis Balashov 1 month ago committed by Victor Julien
parent 01f64ea335
commit 04a1de1192

@ -153,6 +153,9 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx
if (strlen(scheme)) {
SCLogConfig("scheme value %s overrides key %s", scheme, key);
ref->key = SCStrdup(scheme);
if (ref->key == NULL) {
goto error;
}
/* already bound checked to be REFERENCE_SYSTEM_NAME_MAX or less */
ref->key_len = (uint16_t)strlen(scheme);
} else {
@ -160,6 +163,9 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx
SCRConfReference *lookup_ref_conf = SCRConfGetReference(key, de_ctx);
if (lookup_ref_conf != NULL) {
ref->key = SCStrdup(lookup_ref_conf->url);
if (ref->key == NULL) {
goto error;
}
/* already bound checked to be REFERENCE_SYSTEM_NAME_MAX or less */
ref->key_len = (uint16_t)strlen(ref->key);
} else {

Loading…
Cancel
Save