Fix NULL pointer dereference from unchecked calloc in emu_shellcode.c#11
Merged
micheloosterhof merged 14 commits into main on Feb 10, 2026
Conversation
calloc() on lines 127 and 144 could return NULL on allocation failure, which would then be dereferenced immediately causing a crash. Add NULL checks with proper cleanup on the second allocation. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
sprintf does no bounds checking. Use snprintf with explicit buffer size of 3 (2 hex chars + NUL) for the SHA-256 hex conversion loop. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
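The pattern behind the two commits above (checked calloc with cleanup of the first allocation when the second fails, and a bounded snprintf hex loop), as an added example that is not the project's own code. The `hex_digest` type, the `calloc_fn` hook and the budgeted allocator are constructed here so the failure path can be driven deterministically.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook so the failure path can be exercised in tests. */
typedef void *(*calloc_fn)(size_t nmemb, size_t size);

/* Constructed example type: a copied digest plus its hex rendering. */
struct hex_digest { uint8_t *raw; char *hex; };

/* Two allocations, each checked; if the second fails, the first is released
 * so the caller never sees a half-initialised struct or a leak. */
int hex_digest_init(struct hex_digest *hd, const uint8_t *digest, size_t len,
                    calloc_fn alloc)
{
    hd->raw = alloc(len, sizeof(uint8_t));
    if (hd->raw == NULL)
        return -1;
    memcpy(hd->raw, digest, len);

    hd->hex = alloc(len * 2 + 1, sizeof(char));
    if (hd->hex == NULL) {
        free(hd->raw);            /* cleanup of the first allocation */
        hd->raw = NULL;
        return -1;
    }
    /* Bounded write: each byte emits 2 hex chars + NUL into a 3-byte window;
     * the NUL is overwritten by the next iteration and survives at the end. */
    for (size_t i = 0; i < len; i++)
        snprintf(hd->hex + i * 2, 3, "%02x", digest[i]);
    return 0;
}

void hex_digest_free(struct hex_digest *hd)
{
    free(hd->raw);
    free(hd->hex);
}

/* Constructed allocator that fails once the call budget is used up,
 * so the cleanup path above can be driven deterministically. */
int calloc_budget = -1;   /* negative: never fail */
void *budget_calloc(size_t nmemb, size_t size)
{
    if (calloc_budget == 0) return NULL;
    if (calloc_budget > 0) calloc_budget--;
    return calloc(nmemb, size);
}
```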
memcpy(&sa, s, size) copies a caller-supplied size into a stack-local sockaddr_storage without checking bounds. If size exceeds sizeof(sockaddr_storage), this overflows the stack. Clamp size to the destination buffer size before copying. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
The XOR loop at line 131 reads input->data[offset + j] without verifying that offset + pattern->len fits within input->len. Add a bounds check before the loop to prevent reading past the buffer. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
end_offset - start_offset is computed with uint32_t types. If end_offset < start_offset due to edge-case stream chunk boundaries, the subtraction wraps to a huge value, causing memcpy to read/write far out of bounds. Add a guard to break out of the loop in that case. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
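The two bounds problems in the commits above (the XOR window read past `input->len`, and the wrapping `uint32_t` subtraction of stream offsets), as an added example that is not the project's own code. The `buf` and `pattern` types are constructed stand-ins for the emulator's structures; the check is written in the overflow-safe `len - offset` form rather than `offset + len`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed types standing in for the emulator's input buffer and pattern. */
struct buf { const uint8_t *data; size_t len; };
struct pattern { const uint8_t *bytes; uint32_t len; };

/* XOR-decode pattern->len bytes at offset and compare with the pattern.
 * The check is written as (len - offset) rather than (offset + len) so it
 * cannot itself overflow; it refuses the window before any byte is read. */
bool xor_pattern_matches(const struct buf *input, size_t offset,
                         const struct pattern *pattern, uint8_t key)
{
    if (offset > input->len || pattern->len > input->len - offset)
        return false;                        /* window runs past input->len */
    for (uint32_t j = 0; j < pattern->len; j++)
        if ((input->data[offset + j] ^ key) != pattern->bytes[j])
            return false;
    return true;
}

/* Chunk length from two uint32_t stream offsets. An inverted pair would
 * wrap the unsigned subtraction to a value near 4 GiB, so it is rejected
 * (returns 0, *ok = false) before any memcpy can use it. */
uint32_t chunk_length(uint32_t start_offset, uint32_t end_offset, bool *ok)
{
    *ok = end_offset >= start_offset;
    return *ok ? end_offset - start_offset : 0;
}

/* Copy chunk [start_offset, end_offset) from src into dst. Returns bytes
 * copied, or 0 when the chunk is inverted, beyond src, or too big for dst. */
size_t copy_chunk(uint8_t *dst, size_t dst_len, const uint8_t *src,
                  size_t src_len, uint32_t start_offset, uint32_t end_offset)
{
    bool ok;
    uint32_t n = chunk_length(start_offset, end_offset, &ok);
    if (!ok || end_offset > src_len || n > dst_len)
        return 0;
    memcpy(dst, src + start_offset, n);
    return n;
}
```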
atoi() provides no error detection — it returns 0 for invalid input and has undefined behavior on overflow. strtol() is the modern replacement with well-defined error semantics. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
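What the strtol() replacement buys over atoi(), as an added example that is not the project's own code: empty input, trailing garbage and out-of-range values are all reported instead of silently becoming 0 or undefined behaviour. `parse_port` is a constructed use case.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>

/* Parse a base-10 integer with the error detection atoi() lacks.
 * Returns false on empty input, trailing garbage, or overflow/underflow. */
bool parse_long(const char *s, long *out)
{
    char *end;
    errno = 0;                       /* strtol only sets errno, never clears it */
    long v = strtol(s, &end, 10);
    if (errno == ERANGE)             /* value outside [LONG_MIN, LONG_MAX] */
        return false;
    if (end == s)                    /* no digits consumed, e.g. "" or "abc" */
        return false;
    if (*end != '\0')                /* trailing garbage, e.g. "80abc" */
        return false;
    *out = v;
    return true;
}

/* Constructed use case: a TCP port read from a configuration string.
 * atoi("0x50") or atoi("") would both yield 0 here without complaint. */
bool parse_port(const char *s, int *port)
{
    long v;
    if (!parse_long(s, &v) || v < 1 || v > 65535)
        return false;
    *port = (int)v;
    return true;
}
```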
signal() has unreliable, platform-dependent semantics (e.g. handler may reset to SIG_DFL after first delivery on some systems). sigaction() is the POSIX-standard replacement with well-defined behavior. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
signal() has unreliable, platform-dependent semantics. sigaction() is the POSIX-standard replacement with well-defined behavior. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
signal() has unreliable, platform-dependent semantics. sigaction() is the POSIX-standard replacement with well-defined behavior. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
inet_ntoa() returns a pointer to a static buffer, making it non-reentrant and not thread-safe. inet_ntop() writes to a caller-provided buffer and also supports IPv6. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
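The two sockaddr fixes in this series (clamping a caller-supplied size before copying into a stack `sockaddr_storage`, and rendering addresses with inet_ntop() into a caller-provided buffer) as one added example that is not the project's own code. Function names are constructed; the block assumes a POSIX sockets environment.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Copy a caller-supplied socket address into a sockaddr_storage, clamping
 * the length so an oversized `size` cannot overrun the destination.
 * Returns the number of bytes actually stored. */
size_t sockaddr_copy(struct sockaddr_storage *dst, const void *src, size_t size)
{
    if (size > sizeof(*dst))
        size = sizeof(*dst);         /* never trust the caller's length */
    memset(dst, 0, sizeof(*dst));
    memcpy(dst, src, size);
    return size;
}

/* Render an IPv4 or IPv6 address with inet_ntop(); unlike inet_ntoa() this
 * writes to the caller's buffer (reentrant) and handles AF_INET6.
 * buf should hold at least INET6_ADDRSTRLEN bytes. */
bool sockaddr_to_text(const struct sockaddr_storage *sa, char *buf, size_t buflen)
{
    const void *addr;
    switch (sa->ss_family) {
    case AF_INET:
        addr = &((const struct sockaddr_in *)sa)->sin_addr;
        break;
    case AF_INET6:
        addr = &((const struct sockaddr_in6 *)sa)->sin6_addr;
        break;
    default:
        return false;                /* AF_UNSPEC or unsupported family */
    }
    return inet_ntop(sa->ss_family, addr, buf, (socklen_t)buflen) != NULL;
}
```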
Mark sigsegv_backtrace_cb() and pchild_run() as noreturn using C11 <stdnoreturn.h>. This enables compiler warnings if control flow could accidentally fall through, and allows better optimization. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
Catch configuration and buffer size errors at compile time instead of at runtime:
- pchild.c: control message buffer fits SCM_RIGHTS payload
- connection.h: DTLS cookie secret meets minimum security length
- node_info.h: address string buffers can hold IPv6 addresses
- emu_shellcode.c: detection thresholds are within execution limits
https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
Pointer arithmetic on void* is a GCC extension, not standard C. Cast to char* first, which is well-defined in C11 and portable across compilers. Applied to all CONOFF_* macros in connection.h and PDEVOFF_IO_IN in pcap.c. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6
C17 (ISO/IEC 9899:2018) is a defect-fix release over C11 with no new language features, but it incorporates all defect report resolutions and is the baseline expected by modern compilers. Similarly bump C++ standard to C++17 for the vendor shim library. https://claude.ai/code/session_01N3H3py9QSzbGU6dAADLLS6