View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005152||unreal||ircd||public||2018-09-25 11:07||2018-09-25 14:02|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||Fixed in Version|
|Summary||0005152: a possible deference of null pointer?|
There is a possible deference of a null pointer found by Qihoo360 CodeSafe Team.
Details as bellow:
In file 'src/modules/chanmodes/censor.c', line 208, the pointer word is declared and assigned as NULL.
Only when the statement in 246 executed, pointer 'word' could be a value not NULL.
So, before deferencing it in line 251, it is better to add a check against NULL.
|Tags||Qihoo360 CodeSafe Static Analysis|
|3rd party modules|
See 0005150. But also a specific advice for this one:
In UnrealIRCd we have two stages, first there the "config test" function is called and if that passes testing then the "config run" functions are called.
We have many checks in the "config test" code that verifies if certain blocks/variables exist. In the "config run" code such checks are then absent because we never make it to "config run". The bug thus never occurs, there is no issue.
Whether that is also true in this specific case I have not checked, but just wanted you to be aware of this ;)
As for this specific bug:
As far as I can see this is properly handled by censor_config_test().
And if that fails then the censor_config_run is never executed.
If I'm wrong and you can provide me with for example a configuration file that makes UnrealIRCd crash with a certain badword block, then let me know and we'll get this fixed.