Skip to content

Commit

Permalink
output/email: use SCCalloc for OutputJsonEmailCtx
Browse files Browse the repository at this point in the history 
email_ctx->fields only gets populated when smtp.custom setting is on.
The fn EveEmailLogJSONCustom is called when either
1. smtp.extended setting is on or,
2. email_ctx->fields is populated which means smtp.custom setting is on

In case neither of these are set in suricata.yaml, no call should
ideally be made to the fn EveEmailLogJSONCustom.
However, it turns out that email_ctx->fields is unset and then set only
after the smtp config was found. This leads to email_ctx->fields
sometimes contain value even when no config was given to the smtp
section and can lead to unexpected output.

Fix this by using SCCalloc while initializing OutputJsonEmailCtx struct
instead of SCMalloc.

Bug 6380
  • Loading branch information
@inashivb @victorjulien
inashivb authored and victorjulien committed Oct 6, 2023
1 parent 80173e0 commit 5dbebc0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/output-json-smtp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ static OutputInitResult OutputSmtpLogInitSub(ConfNode *conf, OutputCtx *parent_c
OutputInitResult result = { NULL, false };
OutputJsonCtx *ojc = parent_ctx->data;

OutputJsonEmailCtx *email_ctx = SCMalloc(sizeof(OutputJsonEmailCtx));
OutputJsonEmailCtx *email_ctx = SCCalloc(1, sizeof(OutputJsonEmailCtx));
if (unlikely(email_ctx == NULL))
return result;

Expand Down

0 comments on commit 5dbebc0

Please sign in to comment.