diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c index ba6d8a38d5..708f830305 100644 --- a/src/detect-fragoffset.c +++ b/src/detect-fragoffset.c @@ -179,7 +179,11 @@ DetectFragOffsetData *DetectFragOffsetParse (char *fragoffsetstr) { } } - ByteExtractStringUint16(&fragoff->frag_off, 10, 0, substr[1]); + if (ByteExtractStringUint16(&fragoff->frag_off, 10, 0, substr[1]) < 0) { + SCLogError(SC_ERR_INVALID_ARGUMENT, "specified frag offset %s is not " + "valid", substr[1]); + goto error; + } for (i = 0; i < 3; i++) { if (substr[i] != NULL) SCFree(substr[i]); diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c index 31bb969c3b..5acf544129 100644 --- a/src/detect-icmp-id.c +++ b/src/detect-icmp-id.c @@ -185,7 +185,11 @@ DetectIcmpIdData *DetectIcmpIdParse (char *icmpidstr) { /** \todo can ByteExtractStringUint16 do this? */ uint16_t id = 0; - ByteExtractStringUint16(&id, 10, 0, substr[1]); + if (ByteExtractStringUint16(&id, 10, 0, substr[1]) < 0) { + SCLogError(SC_ERR_INVALID_ARGUMENT, "specified icmp id %s is not " + "valid", substr[1]); + goto error; + } iid->id = htons(id); for (i = 0; i < 3; i++) { diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c index 15a3c30283..9b6a9b0d00 100644 --- a/src/detect-icmp-seq.c +++ b/src/detect-icmp-seq.c @@ -185,7 +185,11 @@ DetectIcmpSeqData *DetectIcmpSeqParse (char *icmpseqstr) { } uint16_t seq = 0; - ByteExtractStringUint16(&seq, 10, 0, substr[1]); + if (ByteExtractStringUint16(&seq, 10, 0, substr[1]) < 0) { + SCLogError(SC_ERR_INVALID_ARGUMENT, "specified icmp seq %s is not " + "valid", substr[1]); + goto error; + } iseq->seq = htons(seq); for (i = 0; i < 3; i++) { diff --git a/src/detect-parse.c b/src/detect-parse.c index e68f0280c2..521590cf85 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -618,7 +618,8 @@ static int SigParseOptions(DetectEngineCtx *de_ctx, Signature *s, char *optstr) /* extract the substrings */ for (i = 1; i <= ret-1; i++) { - pcre_get_substring(optstr, ov, MAX_SUBSTRINGS, i, &arr[i-1]); + if (pcre_get_substring(optstr, ov, MAX_SUBSTRINGS, i, &arr[i-1]) < 0) + goto error; //printf("SigParseOptions: arr[%" PRId32 "] = \"%s\"\n", i-1, arr[i-1]); } arr[i-1]=NULL; @@ -868,7 +869,9 @@ int SigParseBasics(Signature *s, char *sigstr, char ***result, uint8_t addrs_dir } for (i = 1; i <= ret - 1; i++) { - pcre_get_substring(sigstr, ov, MAX_SUBSTRINGS, i, &arr[i - 1]); + if (pcre_get_substring(sigstr, ov, MAX_SUBSTRINGS, i, &arr[i - 1]) < 0 ) { + goto error; + } //printf("SigParseBasics: arr[%" PRId32 "] = \"%s\"\n", i-1, arr[i-1]); } arr[i - 1] = NULL; diff --git a/src/util-classification-config.c b/src/util-classification-config.c index 72bcae36f1..67d5db3029 100644 --- a/src/util-classification-config.c +++ b/src/util-classification-config.c @@ -140,9 +140,11 @@ int SCClassConfInitContext(DetectEngineCtx *de_ctx) */ static char *SCClassConfGetConfFilename(void) { - char *log_filename = (char *)default_file_path; + char *log_filename = NULL; - ConfGet("classification-file", &log_filename); + if (ConfGet("classification-file", &log_filename) != 1) { + log_filename = (char *)default_file_path; + } return log_filename; } diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c index 19b95ed2f8..ca720ecf23 100644 --- a/src/util-threshold-config.c +++ b/src/util-threshold-config.c @@ -68,9 +68,11 @@ static pcre_extra *rate_regex_study = NULL; */ char *SCThresholdConfGetConfFilename(void) { - char *log_filename = (char *)THRESHOLD_CONF_DEF_CONF_FILEPATH; + char *log_filename = NULL; - ConfGet("threshold-file", &log_filename); + if (ConfGet("threshold-file", &log_filename) != 1) { + log_filename = (char *)THRESHOLD_CONF_DEF_CONF_FILEPATH; + } return log_filename; }