From d3cc5d89df346649d259d47e4447fa4ae86f9bf0 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Thu, 8 Feb 2024 13:21:11 -0600
Subject: [PATCH 1/2] detect-http: add superfluous alloc check for cocci

Add not-needed SCCalloc return check to satisfy our Cocci malloc checks as it can't see that the caller immediately checks the return value of this simple wrapper around SCCalloc.
---
 src/detect-http-header.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/detect-http-header.c b/src/detect-http-header.c
index 98e438c21111..7c15bf094a76 100644
--- a/src/detect-http-header.c
+++ b/src/detect-http-header.c
@@ -590,6 +590,11 @@ typedef struct HttpMultiBufHeaderThreadData {
 static void *HttpMultiBufHeaderThreadDataInit(void *data)
 {
 HttpMultiBufHeaderThreadData *td = SCCalloc(1, sizeof(*td));
+
+ /* This return value check to satisfy our Cocci malloc checks. */
+ if (td == NULL) {
+ return NULL;
+ }
 return td;
 }

From 922b2625e3f3a7626268e5f1620e08999271ef12 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 8 Feb 2024 20:23:59 +0100
Subject: [PATCH 2/2] detect/http_header: fix leak on realloc failure

---
 src/detect-http-header.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/detect-http-header.c b/src/detect-http-header.c
index 7c15bf094a76..e32220576ba1 100644
--- a/src/detect-http-header.c
+++ b/src/detect-http-header.c
@@ -663,10 +663,11 @@ static InspectionBuffer *GetHttp1HeaderData(DetectEngineThreadCtx *det_ctx, cons
 size_t size = size1 + size2 + 2;
 if (hdr_td->items[i].len < size) {
 // Use realloc, as this pointer is not freed until HttpMultiBufHeaderThreadDataFree
- hdr_td->items[i].buffer = SCRealloc(hdr_td->items[i].buffer, size);
- if (unlikely(hdr_td->items[i].buffer == NULL)) {
+ void *tmp = SCRealloc(hdr_td->items[i].buffer, size);
+ if (unlikely(tmp == NULL)) {
 return NULL;
 }
+ hdr_td->items[i].buffer = tmp;
 }
 memcpy(hdr_td->items[i].buffer, bstr_ptr(h->name), size1);
 hdr_td->items[i].buffer[size1] = ':';
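Review bot: The comment added in HttpMultiBufHeaderThreadDataInit (patch 1/2) is missing a verb and does not record why the check can be treated as redundant. Wording such as `/* Redundant NULL check, kept only to satisfy the Cocci malloc check; the caller checks the returned pointer. */` states both facts, so a later cleanup is less likely to remove the check and trip the static analysis again. The statement about the caller comes from the commit message; the caller itself is not in this hunk.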
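Review bot: The `SCRealloc` failure path in GetHttp1HeaderData (patch 2/2) now leaves the old buffer attached to `hdr_td->items[i]`, but nothing in the hunk says that this is intentional or that `len` must stay untouched so the buffer and its length remain consistent for the next call. A comment on the `return NULL;` would make the ownership explicit: `/* old buffer and len stay valid; released in HttpMultiBufHeaderThreadDataFree */`. The early return also abandons the header buffers for this transaction with no log or counter visible here, so under memory pressure inspection may be skipped silently; whether the caller accounts for that is outside the hunk and worth confirming. The function starts and ends outside the hunk.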