Merge pull request #944 from ddpbsd/null_db

Don't pass null variables to snprintf.
ossec · Nov 16, 2017 · 9795c71 · 9795c71
2 parents 7c599b2 + 8c2415e
commit 9795c71
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 8 deletions.
diff --git a/src/os_dbd/alert.c b/src/os_dbd/alert.c
@@ -167,8 +167,10 @@ int OS_Alert_InsertDB(const alert_data *al_data, DBConfig *db_config)
                  db_config->server_id, al_data->rule,
                  al_data->level,
                  (unsigned int)time(0), *loc_id,
-                 al_data->srcip, (unsigned short)s_port,
-                 al_data->dstip, (unsigned short)d_port,
+                 al_data->srcip,
+                 (unsigned short)s_port,
+                 al_data->dstip,
+                 (unsigned short)d_port,
                  al_data->alertid,
                  al_data->user, fulllog, al_data->srcgeoip);
 	break;
@@ -181,10 +183,13 @@ int OS_Alert_InsertDB(const alert_data *al_data, DBConfig *db_config)
                  db_config->server_id, al_data->rule,
                  al_data->level,
                  (unsigned int)time(0), *loc_id,
-                 al_data->srcip, (unsigned short)s_port,
-                 al_data->dstip, (unsigned short)d_port,
+                 al_data->srcip != NULL ? al_data->srcip : "NULL",
+                 (unsigned short)s_port,
+                 al_data->dstip != NULL ? al_data->dstip : "NULL",
+                 (unsigned short)d_port,
                  al_data->alertid,
-                 al_data->user, fulllog);
+                 al_data->user != NULL ? al_data->user : "NULL",
+                 fulllog);
 	break;
     }
 

diff --git a/src/os_dbd/main.c b/src/os_dbd/main.c
@@ -159,8 +159,13 @@ int main(int argc, char **argv)
 
     /* Maybe disable this debug? */
     debug1("%s: DEBUG: Connecting to '%s', using '%s', '%s', '%s', %d,'%s'.",
-           ARGV0, db_config.host, db_config.user,
-           db_config.pass, db_config.db, db_config.port, db_config.sock);
+           ARGV0,
+           db_config.host != NULL ? db_config.host : "NoHost",
+           db_config.user != NULL ? db_config.user : "NoUser",
+           db_config.pass != NULL ? db_config.pass : "NoPass",
+           db_config.db != NULL ? db_config.db : "NoDB",
+           db_config.port,
+           db_config.sock != NULL ? db_config.sock : "NoSock");
 
     /* Set config pointer */
     osdb_setconfig(&db_config);

diff --git a/src/os_dbd/rules.c b/src/os_dbd/rules.c
@@ -203,7 +203,8 @@ static void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
              "REPLACE INTO "
              "signature(rule_id, level, description) "
              "VALUES ('%u','%u','%s')",
-             rule->sigid, rule->level, rule->comment);
+             rule->sigid, rule->level,
+             rule->comment != NULL ? rule->comment : "NULL");
 
     /* XXX We don't actually insert!?
     if(!osdb_query_insert(dbc->conn, sql_query))