From 264dd483176009193b669bb9ca9b426ea1a8e3f5 Mon Sep 17 00:00:00 2001
From: Martin Vierula <martin.vierula@trustwave.com>
Date: Mon, 10 Apr 2023 13:33:17 -0700
Subject: [PATCH] Fix: possible segfault on reload if duplicate ip+CIDR in ip
 match list

---
 CHANGES               |  2 ++
 src/utils/msc_tree.cc | 17 ++++++++++-------
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index 220e091ead..39ac29d623 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 v3.x.y - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+  - Fix: possible segfault on reload if duplicate ip+CIDR in ip match list
+    [Issue #2877, #2890 - @tomsommer, @martinhsv]
   - Add some member variable inits in Transaction class
     [Issue #2886 - @GNU-Plus-Windows-User, @airween, @mdounin, @martinhsv]
   - Resolve memory leak on reload (bison-generated variable)
diff --git a/src/utils/msc_tree.cc b/src/utils/msc_tree.cc
index 1fc9201a70..5df5f1108e 100644
--- a/src/utils/msc_tree.cc
+++ b/src/utils/msc_tree.cc
@@ -259,6 +259,7 @@ int InsertNetmask(TreeNode *node, TreeNode *parent, TreeNode *new_node,
 
             node->count++;
             node->netmasks = reinterpret_cast<unsigned char *>(malloc(node->count * sizeof(unsigned char)));
+            memset(node->netmasks, 0, (node->count *  sizeof(unsigned char)));
 
             if(node->netmasks == NULL)
                 return 0;
@@ -410,6 +411,7 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree
                 node->count++;
                 new_node = node;
                 node->netmasks = reinterpret_cast<unsigned char *>(malloc(node->count *  sizeof(unsigned char)));
+                memset(node->netmasks, 0, (node->count *  sizeof(unsigned char)));
 
                 if ((node->count -1) == 0) {
                     node->netmasks[0] = netmask;
@@ -418,16 +420,16 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree
 
                 node->netmasks[node->count - 1] = netmask;
 
-                i = node->count - 2;
-                while (i >= 0) {
-                    if (netmask < node->netmasks[i]) {
-                        node->netmasks[i + 1] = netmask;
+                int index = node->count - 2;
+                while (index >= 0) {
+                    if (netmask < node->netmasks[index]) {
+                        node->netmasks[index + 1] = netmask;
                         break;
                     }
 
-                    node->netmasks[i + 1] = node->netmasks[i];
-                    node->netmasks[i] = netmask;
-                    i--;
+                    node->netmasks[index + 1] = node->netmasks[index];
+                    node->netmasks[index] = netmask;
+                    index--;
                 }
             }
         } else {
@@ -481,6 +483,7 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree
             }
 
             i_node->netmasks = reinterpret_cast<unsigned char *>(malloc((node->count - i) * sizeof(unsigned char)));
+            memset(i_node->netmasks, 0, ((node->count - i) * sizeof(unsigned char)));
 
             if(i_node->netmasks == NULL) {
                 free(new_node->prefix);