From b7205370795eedb9a39a9f609deea6401354f0bf Mon Sep 17 00:00:00 2001 From: ddpbsd Date: Thu, 3 Jan 2019 07:04:34 -0500 Subject: [PATCH] Based on pull request #1621, but there is a lot of churn on json_extended.c, so ignore that for now. --- src/analysisd/alerts/exec.c | 3 +++ src/analysisd/analysisd.c | 2 +- src/logcollector/read_mssql_log.c | 6 ++--- src/os_maild/sendmail.c | 4 ++- src/os_net/os_net.c | 15 +++++++---- src/shared/file-queue.c | 6 +++-- src/shared/rules_op.c | 42 +++++++++++++++++++++++++++++++ 7 files changed, 66 insertions(+), 12 deletions(-) diff --git a/src/analysisd/alerts/exec.c b/src/analysisd/alerts/exec.c index b9849bf05..445f0caed 100644 --- a/src/analysisd/alerts/exec.c +++ b/src/analysisd/alerts/exec.c @@ -90,6 +90,9 @@ void OS_Exec(int execq, int arq, const Eventinfo *lf, const active_response *ar) lf->generated_rule->sigid, lf->location, filename ? filename : "-"); + if (execq < 1) { + merror("%s: Error communicating with execd (q < 1).", ARGV0); + } if (OS_SendUnix(execq, exec_msg, 0) < 0) { merror("%s: Error communicating with execd.", ARGV0); diff --git a/src/analysisd/analysisd.c b/src/analysisd/analysisd.c index 0ef9b05de..a8d83b1a8 100644 --- a/src/analysisd/analysisd.c +++ b/src/analysisd/analysisd.c @@ -991,7 +991,7 @@ void OS_ReadMSG_analysisd(int m_queue) } } - if (do_ar) { + if (do_ar && execdq > 0) { OS_Exec(execdq, arq, lf, *rule_ar); } rule_ar++; diff --git a/src/logcollector/read_mssql_log.c b/src/logcollector/read_mssql_log.c index ad9324900..529bb3ac5 100644 --- a/src/logcollector/read_mssql_log.c +++ b/src/logcollector/read_mssql_log.c @@ -99,7 +99,7 @@ void *read_mssql_log(int pos, int *rc, int drop_it) /* If the saved message is empty, set it and continue */ if (buffer[0] == '\0') { - strncpy(buffer, str, str_len + 2); + strncpy(buffer, str, OS_MAXSTR); continue; } @@ -108,7 +108,7 @@ void *read_mssql_log(int pos, int *rc, int drop_it) __send_mssql_msg(pos, drop_it, buffer); /* Store current one at the buffer */ - strncpy(buffer, str, str_len + 2); + strncpy(buffer, str, OS_MAXSTR); } } @@ -134,7 +134,7 @@ void *read_mssql_log(int pos, int *rc, int drop_it) */ buffer[buffer_len] = ' '; buffer[buffer_len + 1] = '\0'; - strncat(buffer, str, str_len + 3); + strncat(buffer, str, OS_MAXSTR); } } diff --git a/src/os_maild/sendmail.c b/src/os_maild/sendmail.c index f793c24d4..bd2bd2570 100644 --- a/src/os_maild/sendmail.c +++ b/src/os_maild/sendmail.c @@ -209,7 +209,9 @@ int OS_Sendsms(MailConfig *mail, struct tm *p, MailMsg *sms_msg) if (mail->reply_to){ memset(snd_msg, '\0', 128); snprintf(snd_msg, 127, REPLYTO, mail->reply_to); - OS_SendTCP(socket, snd_msg); + if (socket > 0) { + OS_SendTCP(socket, snd_msg); + } } /* Send date */ diff --git a/src/os_net/os_net.c b/src/os_net/os_net.c index 6be1000c1..8344b5f38 100644 --- a/src/os_net/os_net.c +++ b/src/os_net/os_net.c @@ -145,7 +145,7 @@ OSNetInfo *OS_Bindport(char *_port, unsigned int _proto, const char *_ip) (char *)&flag, sizeof(flag)) < 0) { verbose ("setsockopt error: SO_REUSEADDR %d: %s", errno, strerror(errno)); - if(ossock) { + if(ossock > 0) { OS_CloseSocket(ossock); } continue; @@ -194,11 +194,11 @@ OSNetInfo *OS_Bindport(char *_port, unsigned int _proto, const char *_ip) /* check to see if at least one address succeeded */ if (ni->fdcnt == 0) { verbose ("Request to allocate and bind sockets failed."); - if(ossock) { - OS_CloseSocket(ossock); - } ni->status = -1; ni->retval = OS_SOCKTERR; + if(result) { + freeaddrinfo(result); + } return(ni); } @@ -407,7 +407,9 @@ int OS_Connect(char *_port, unsigned int protocol, const char *_ip) } } if (rp == NULL) { /* No address succeeded */ - OS_CloseSocket(ossock); + if (ossock > 0) { + OS_CloseSocket(ossock); + } if(result) { freeaddrinfo(result); } @@ -621,6 +623,9 @@ char *OS_GetHost(const char *host, unsigned int attempts) } if ((ip = (char *) calloc(IPSIZE, sizeof(char))) == NULL) { + if (result) { + freeaddrinfo(result); + } return (NULL); } diff --git a/src/shared/file-queue.c b/src/shared/file-queue.c index 9abc70f5a..0addb940c 100644 --- a/src/shared/file-queue.c +++ b/src/shared/file-queue.c @@ -84,8 +84,10 @@ static int Handle_Queue(file_queue *fileq, int flags) if (!(flags & CRALERT_READ_ALL)) { if (fseek(fileq->fp, 0, SEEK_END) < 0) { merror(FSEEK_ERROR, __local_name, fileq->file_name, errno, strerror(errno)); - fclose(fileq->fp); - fileq->fp = NULL; + if (fileq->fp) { + fclose(fileq->fp); + fileq->fp = NULL; + } return (-1); } } diff --git a/src/shared/rules_op.c b/src/shared/rules_op.c index 73747c368..d8a4115cb 100644 --- a/src/shared/rules_op.c +++ b/src/shared/rules_op.c @@ -118,6 +118,9 @@ int OS_ReadXMLRules(const char *rulefile, /* Apply any variables found */ if (OS_ApplyVariables(&xml) != 0) { merror(XML_ERROR_VAR, __local_name, rulepath, xml.err); + if (rulepath) { + free(rulepath); + } return (-1); } debug1("%s: DEBUG: XML Variables applied.", __local_name); @@ -127,6 +130,9 @@ int OS_ReadXMLRules(const char *rulefile, if (!node) { merror(CONFIG_ERROR, __local_name, rulepath); OS_ClearXML(&xml); + if (rulepath) { + free(rulepath); + } return (-1); } @@ -676,6 +682,9 @@ int OS_ReadXMLRules(const char *rulefile, if (!OSRegex_Compile(regex, config_ruleinfo->regex, 0)) { merror(REGEX_COMPILE, __local_name, regex, config_ruleinfo->regex->error); + if (regex) { + free(regex); + } return (-1); } free(regex); @@ -688,6 +697,9 @@ int OS_ReadXMLRules(const char *rulefile, if (!OSMatch_Compile(match, config_ruleinfo->match, 0)) { merror(REGEX_COMPILE, __local_name, match, config_ruleinfo->match->error); + if (match) { + free(match); + } return (-1); } free(match); @@ -700,6 +712,9 @@ int OS_ReadXMLRules(const char *rulefile, if (!OSMatch_Compile(id, config_ruleinfo->id, 0)) { merror(REGEX_COMPILE, __local_name, id, config_ruleinfo->id->error); + if (id) { + free(id); + } return (-1); } free(id); @@ -712,6 +727,9 @@ int OS_ReadXMLRules(const char *rulefile, if (!OSMatch_Compile(srcport, config_ruleinfo->srcport, 0)) { merror(REGEX_COMPILE, __local_name, srcport, config_ruleinfo->id->error); + if (srcport) { + free(srcport); + } return (-1); } free(srcport); @@ -724,6 +742,9 @@ int OS_ReadXMLRules(const char *rulefile, if (!OSMatch_Compile(dstport, config_ruleinfo->dstport, 0)) { merror(REGEX_COMPILE, __local_name, dstport, config_ruleinfo->id->error); + if (dstport) { + free(dstport); + } return (-1); } free(dstport); @@ -736,6 +757,9 @@ int OS_ReadXMLRules(const char *rulefile, if (!OSMatch_Compile(status, config_ruleinfo->status, 0)) { merror(REGEX_COMPILE, __local_name, status, config_ruleinfo->status->error); + if (status) { + free(status); + } return (-1); } free(status); @@ -748,6 +772,9 @@ int OS_ReadXMLRules(const char *rulefile, if (!OSMatch_Compile(hostname, config_ruleinfo->hostname, 0)) { merror(REGEX_COMPILE, __local_name, hostname, config_ruleinfo->hostname->error); + if (hostname) { + free(hostname); + } return (-1); } free(hostname); @@ -761,6 +788,9 @@ int OS_ReadXMLRules(const char *rulefile, config_ruleinfo->extra_data, 0)) { merror(REGEX_COMPILE, __local_name, extra_data, config_ruleinfo->extra_data->error); + if (extra_data) { + free(extra_data); + } return (-1); } free(extra_data); @@ -774,6 +804,9 @@ int OS_ReadXMLRules(const char *rulefile, config_ruleinfo->program_name, 0)) { merror(REGEX_COMPILE, __local_name, program_name, config_ruleinfo->program_name->error); + if (program_name) { + free(program_name); + } return (-1); } free(program_name); @@ -786,6 +819,9 @@ int OS_ReadXMLRules(const char *rulefile, if (!OSMatch_Compile(user, config_ruleinfo->user, 0)) { merror(REGEX_COMPILE, __local_name, user, config_ruleinfo->user->error); + if (user) { + free(user); + } return (-1); } free(user); @@ -798,6 +834,9 @@ int OS_ReadXMLRules(const char *rulefile, if (!OSMatch_Compile(url, config_ruleinfo->url, 0)) { merror(REGEX_COMPILE, __local_name, url, config_ruleinfo->url->error); + if (url) { + free(url); + } return (-1); } free(url); @@ -826,6 +865,9 @@ int OS_ReadXMLRules(const char *rulefile, config_ruleinfo->if_matched_regex, 0)) { merror(REGEX_COMPILE, __local_name, if_matched_regex, config_ruleinfo->if_matched_regex->error); + if (if_matched_regex) { + free(if_matched_regex); + } return (-1); } free(if_matched_regex);