From 94040cc0d930af2abf5eb0d2f217e598de7bd75f Mon Sep 17 00:00:00 2001
From: emanuele-f
Date: Thu, 18 Oct 2018 15:18:44 +0200
Subject: [PATCH] Fix mismatched free and strcpy overlap
---
 src/Flow.cpp | 8 ++++----
 src/HTTPserver.cpp | 6 +++++-
 src/NetworkInterface.cpp | 4 ++--
 3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/Flow.cpp b/src/Flow.cpp
index 94aaa9edc5..fcee1fac06 100644
--- a/src/Flow.cpp
+++ b/src/Flow.cpp
@@ -178,8 +178,8 @@ Flow::~Flow() {
 if(srv_host) srv_host->decNumFlows(false, cli_host), srv_host->decUses();
 if(json_info) free(json_info);
- if(client_proc) delete(client_proc);
- if(server_proc) delete(server_proc);
+ if(client_proc) free(client_proc);
+ if(server_proc) free(server_proc);
 if(host_server_name) free(host_server_name);
 if(isHTTP()) {
@@ -2650,7 +2650,7 @@ void Flow::handle_process(ProcessInfo *pinfo, bool client_process) {
 if(client_proc)
 memcpy(client_proc, pinfo, sizeof(ProcessInfo));
 else {
- if((proc = new ProcessInfo) == NULL) return;
+ if((proc = (ProcessInfo*)malloc(sizeof(ProcessInfo))) == NULL) return;
 memcpy(proc, pinfo, sizeof(ProcessInfo));
 client_proc = proc, cli_host->setSystemHost(); /* Outgoing */
 }
@@ -2658,7 +2658,7 @@ void Flow::handle_process(ProcessInfo *pinfo, bool client_process) {
 if(server_proc)
 memcpy(server_proc, pinfo, sizeof(ProcessInfo));
 else {
- if((proc = new ProcessInfo) == NULL) return;
+ if((proc = (ProcessInfo*)malloc(sizeof(ProcessInfo))) == NULL) return;
 memcpy(proc, pinfo, sizeof(ProcessInfo));
 server_proc = proc, srv_host->setSystemHost(); /* Incoming */
 }
diff --git a/src/HTTPserver.cpp b/src/HTTPserver.cpp
index f9c5352920..0ab9f62b76 100644
--- a/src/HTTPserver.cpp
+++ b/src/HTTPserver.cpp
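Review bot: The ownership rule that makes `free(client_proc)` and `free(server_proc)` in `Flow::~Flow()` correct is not written down anywhere in the hunk. The two calls are valid only if every path that assigns these pointers allocates with `malloc`; the `handle_process` hunks of this patch are switched accordingly, but any assignment site outside the patch that still uses `new` would bring the allocator mismatch back. I would state the invariant at the release site, e.g. `/* client_proc/server_proc are malloc()-owned copies of ProcessInfo; release with free() only */` above the two lines. The destructor body starts and ends outside the hunk.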
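Review bot: The `malloc` followed by `memcpy(proc, pinfo, sizeof(ProcessInfo))` in the client branch of `handle_process`, and the identical server branch in the next hunk, never runs a constructor, so it is sound only while `ProcessInfo` stays trivially copyable; its definition is not visible here. A compile-time guard next to the allocation would stop a later non-trivial member (a `std::string`, a virtual function) from silently turning the copy and the later `free()` into undefined behaviour: `static_assert(std::is_trivially_copyable<ProcessInfo>::value, "ProcessInfo is copied with memcpy and released with free");`, assuming the build is C++11 or later and `<type_traits>` is included. The function starts and ends outside both hunks.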
@@ -630,7 +630,11 @@ static void authorize(struct mg_connection *conn,
 /* Referer url must begin with '/' */
 if((referer[0] != '/') || (strcmp(referer, AUTHORIZE_URL) == 0)) {
 char *r = strchr(referer, '/');
- strcpy(referer, r ? r : "/");
+
+ if(r)
+ memmove(referer, r, strlen(r)+1 /* with null terminator */);
+ else
+ strcpy(referer, "/");
 }
 /* Send session cookie and set user for the new session */
diff --git a/src/NetworkInterface.cpp b/src/NetworkInterface.cpp
index 6c6fcc6ead..97f1576f53 100644
--- a/src/NetworkInterface.cpp
+++ b/src/NetworkInterface.cpp
@@ -734,9 +734,9 @@ void NetworkInterface::deleteDataStructures() {
 if(ebpfEvents) {
 for(u_int16_t i=0; i
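Review bot: Trimming `referer` to its first `/` in `authorize` does not guarantee a local path, although the `memmove` itself is the right fix for the overlapping copy. When the value carries a scheme, the first slash found by `strchr` is the one in `://`, so the result begins with `//`, and a value that already starts with `//` skips the block entirely. If `referer` is later used as a redirect target (not visible in this hunk), browsers treat such a value as protocol-relative, so the "must begin with '/'" rule would not keep the redirect on this host. I would add a check after the block, e.g. `if(referer[1] == '/' || referer[1] == '\\') strcpy(referer, "/");`. The function body starts and ends outside the hunk.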