Skip to content

Fix multiple bugs in C code: memory leaks, NULL derefs, buffer overflow, OOB reads#10

Merged
micheloosterhof merged 1 commit intomainfrom
claude/debug-dionaea-c-code-ObhdQ
Feb 10, 2026
Merged

Fix multiple bugs in C code: memory leaks, NULL derefs, buffer overflow, OOB reads#10
micheloosterhof merged 1 commit intomainfrom
claude/debug-dionaea-c-code-ObhdQ

Conversation

@micheloosterhof
Copy link
Member

@micheloosterhof micheloosterhof commented Feb 10, 2026

  • connection.c: Fix SSL_CTX memory leak for connect-type TLS/DTLS connections
    (only listen-type was freed, leaking ctx for outbound connections)
  • connection.c: Add NULL check for SSL_CTX_new return value to prevent crash
  • connection.c: Add bounds checks to connection_{transport,type,state}_to_string
    to prevent out-of-bounds array access on invalid enum values
  • incident.c: Fix buffer overflow in opaque_data_dump - indent was unclamped and
    g_snprintf size parameter didn't account for indent offset
  • log.c: Initialize level to "unknown" in logger_stdout_log and logger_file_log
    to prevent NULL pointer dereference in fprintf when no log level matches
  • curl/module.c: Add NULL check after tempfile_new() to prevent NULL dereference
    and fix write() return type comparison (ssize_t vs size_t)
  • python/module.c: Add NULL check after PyImport_Import for traceback module
  • python/module.c: Fix memory leaks - add g_strfreev() for sys_paths,
    module_names in new() and module_names in hupy()
  • python/module.c: Replace VLA with heap allocation in pygetifaddrs to prevent
    stack overflow with many network interfaces

https://claude.ai/code/session_014EiJbNgZBQnu8uSe7sWmYN

@claude
Fix multiple bugs in C code: memory leaks, NULL derefs, buffer overfl…
b041143 
…ow, OOB reads

- connection.c: Fix SSL_CTX memory leak for connect-type TLS/DTLS connections
  (only listen-type was freed, leaking ctx for outbound connections)
- connection.c: Add NULL check for SSL_CTX_new return value to prevent crash
- connection.c: Add bounds checks to connection_{transport,type,state}_to_string
  to prevent out-of-bounds array access on invalid enum values
- incident.c: Fix buffer overflow in opaque_data_dump - indent was unclamped and
  g_snprintf size parameter didn't account for indent offset
- log.c: Initialize level to "unknown" in logger_stdout_log and logger_file_log
  to prevent NULL pointer dereference in fprintf when no log level matches
- curl/module.c: Add NULL check after tempfile_new() to prevent NULL dereference
  and fix write() return type comparison (ssize_t vs size_t)
- python/module.c: Add NULL check after PyImport_Import for traceback module
- python/module.c: Fix memory leaks - add g_strfreev() for sys_paths,
  module_names in new() and module_names in hupy()
- python/module.c: Replace VLA with heap allocation in pygetifaddrs to prevent
  stack overflow with many network interfaces

https://claude.ai/code/session_014EiJbNgZBQnu8uSe7sWmYN
@micheloosterhof micheloosterhof merged commit 59a407b into main Feb 10, 2026
8 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@micheloosterhof @claude