From 178f3baf4ac5ada1c5faf7fe709d311ea4316966 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 30 Sep 2025 06:52:50 +0200 Subject: [PATCH] detect: improve path handling for tenants ** CID 1666423: Error handling issues (CHECKED_RETURN) /src/detect-engine.c: 4413 in DetectEngineMultiTenantSetup() _____________________________________________________________________________________________ *** CID 1666423: Error handling issues (CHECKED_RETURN) /src/detect-engine.c: 4413 in DetectEngineMultiTenantSetup() 4407 goto bad_tenant; 4408 } 4409 SCLogDebug("tenant id: %u, %s", tenant_id, yaml_node->val); 4410 4411 char yaml_path[PATH_MAX] = ""; 4412 if (path) { >>> CID 1666423: Error handling issues (CHECKED_RETURN) >>> Calling "PathMerge" without checking return value (as is done elsewhere 19 out of 21 times). 4413 PathMerge(yaml_path, PATH_MAX, path, yaml_node->val); 4414 } else { 4415 strlcpy(yaml_path, yaml_node->val, sizeof(yaml_path)); 4416 } 4417 SCLogDebug("tenant path: %s", yaml_path); 4418
---
 src/detect-engine.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/detect-engine.c b/src/detect-engine.c
index c894cf5955..543e140c19 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -4410,9 +4410,12 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
 char yaml_path[PATH_MAX] = "";
 if (path) {
- PathMerge(yaml_path, PATH_MAX, path, yaml_node->val);
+ if (PathMerge(yaml_path, PATH_MAX, path, yaml_node->val) < 0)
+ goto bad_tenant;
 } else {
- strlcpy(yaml_path, yaml_node->val, sizeof(yaml_path));
+ size_t r = strlcpy(yaml_path, yaml_node->val, sizeof(yaml_path));
+ if (r >= sizeof(yaml_path))
+ goto bad_tenant;
 }
 SCLogDebug("tenant path: %s", yaml_path);
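Review bot: Both new `goto bad_tenant;` exits in the `yaml_path` setup reject the tenant without saying why, so a failed merge or a truncated path would surface only as a missing tenant unless the `bad_tenant` label, which lies outside this hunk, logs it. A tenant that is skipped presumably leaves its traffic without its own ruleset, so the operator should see the cause: put something like `SCLogError("tenant %u: invalid or over-long yaml path", tenant_id);` before each jump. Doing so also means bracing the two new single-statement `if` bodies, which would match the braced `if (path) { ... } else { ... }` around them. As a smaller point, the `PathMerge` call could pass `sizeof(yaml_path)` rather than `PATH_MAX`, so that both branches take their bound from the buffer itself.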