From: Tom DeCanio Date: Tue, 12 Jan 2016 19:25:47 +0000 (-0800) Subject: output-json-alert: fix segfault when alerts separated out from eve-log. X-Git-Tag: suricata-3.0.1RC1~105 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4db3a0f0b475652c39a7438c70498af31ac0ee4f;p=thirdparty%2Fsuricata.git output-json-alert: fix segfault when alerts separated out from eve-log.
---
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 8d09ed759b..bd8f93e9a6 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -333,7 +333,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 HttpXFFCfg *xff_cfg = json_output_ctx->xff_cfg;
 /* xff header */
- if (!(xff_cfg->flags & XFF_DISABLED) && p->flow != NULL) {
+ if ((xff_cfg != NULL) && !(xff_cfg->flags & XFF_DISABLED) && p->flow != NULL) {
 int have_xff_ip = 0;
 char buffer[XFF_MAXLEN];
@@ -513,9 +513,15 @@ static TmEcode JsonAlertLogThreadDeinit(ThreadVars *t, void *data)
 static void JsonAlertLogDeInitCtx(OutputCtx *output_ctx)
 {
- SCLogDebug("cleaning up output_ctx");
- LogFileCtx *logfile_ctx = (LogFileCtx *)output_ctx->data;
- LogFileFreeCtx(logfile_ctx);
+ AlertJsonOutputCtx *json_output_ctx = (AlertJsonOutputCtx *) output_ctx->data;
+ if (json_output_ctx != NULL) {
+ HttpXFFCfg *xff_cfg = json_output_ctx->xff_cfg;
+ if (xff_cfg != NULL) {
+ SCFree(xff_cfg);
+ }
+ LogFileFreeCtx(json_output_ctx->file_ctx);
+ SCFree(json_output_ctx);
+ }
 SCFree(output_ctx);
 }
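Review bot: In the second hunk, `JsonAlertLogDeInitCtx` now frees `json_output_ctx->file_ctx`, while the sub-module init in the last hunk stores the parent's `ajt->file_ctx` in that same field, so the two contexts differ in who owns the pointer and nothing in the code records it. A comment above the `LogFileFreeCtx` call would keep a later cleanup from merging the two DeInit functions and releasing the shared eve-log file context twice: `/* standalone alert log: file_ctx was created by JsonAlertLogInitCtx and is owned here; the Sub variant only borrows the parent's file_ctx */`. As a style point, the `if (xff_cfg != NULL)` guard around `SCFree(xff_cfg)` is needed only if `SCFree` does not accept NULL, which these lines do not show.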
@@ -538,61 +544,16 @@ static void JsonAlertLogDeInitCtxSub(OutputCtx *output_ctx)
 #define DEFAULT_LOG_FILENAME "alert.json"
-/**
- * \brief Create a new LogFileCtx for "fast" output style.
- * \param conf The configuration node for this output.
- * \return A LogFileCtx pointer on success, NULL on failure.
- */
-static OutputCtx *JsonAlertLogInitCtx(ConfNode *conf)
-{
- LogFileCtx *logfile_ctx = LogFileNewCtx();
- if (logfile_ctx == NULL) {
- SCLogDebug("AlertFastLogInitCtx2: Could not create new LogFileCtx");
- return NULL;
- }
-
- if (SCConfLogOpenGeneric(conf, logfile_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
- LogFileFreeCtx(logfile_ctx);
- return NULL;
- }
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
- if (unlikely(output_ctx == NULL))
- return NULL;
- output_ctx->data = logfile_ctx;
- output_ctx->DeInit = JsonAlertLogDeInitCtx;
-
- return output_ctx;
-}
-
-/**
- * \brief Create a new LogFileCtx for "fast" output style.
- * \param conf The configuration node for this output.
- * \return A LogFileCtx pointer on success, NULL on failure.
- */
-static OutputCtx *JsonAlertLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
+static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf)
 {
- OutputJsonCtx *ajt = parent_ctx->data;
- AlertJsonOutputCtx *json_output_ctx = NULL;
 HttpXFFCfg *xff_cfg = NULL;
- OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
- if (unlikely(output_ctx == NULL))
- return NULL;
-
- json_output_ctx = SCMalloc(sizeof(AlertJsonOutputCtx));
- if (unlikely(json_output_ctx == NULL)) {
- goto error;
- }
- memset(json_output_ctx, 0, sizeof(AlertJsonOutputCtx));
-
 xff_cfg = SCMalloc(sizeof(HttpXFFCfg));
 if (unlikely(xff_cfg == NULL)) {
- goto error;
+ return;
 }
 memset(xff_cfg, 0, sizeof(HttpXFFCfg));
- json_output_ctx->file_ctx = ajt->file_ctx;
 json_output_ctx->xff_cfg = xff_cfg;
 if (conf != NULL) {
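Review bot: `XffSetup` returns `void` and does a bare `return;` when `SCMalloc` fails, so an allocation failure during start-up now silently leaves `xff_cfg` NULL, where the removed `goto error` made initialisation fail. The `xff_cfg != NULL` test added in `AlertJson` (first hunk) makes that state safe to run with, but the X-Forwarded-For block is then skipped for every alert with nothing in the logs to explain it. Log the failure before returning, or give `XffSetup` a status return that both init functions can check. `SCMalloc` followed by `memset(xff_cfg, 0, ...)` could also be one `SCCalloc(1, sizeof(HttpXFFCfg))`, as the file already does for `OutputCtx`. The body of `XffSetup` continues past the end of this hunk.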
@@ -642,6 +603,74 @@ static OutputCtx *JsonAlertLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
 HttpXFFGetCfg(conf, xff_cfg);
 }
+}
+
+/**
+ * \brief Create a new LogFileCtx for "fast" output style.
+ * \param conf The configuration node for this output.
+ * \return A LogFileCtx pointer on success, NULL on failure.
+ */
+static OutputCtx *JsonAlertLogInitCtx(ConfNode *conf)
+{
+ AlertJsonOutputCtx *json_output_ctx = NULL;
+ LogFileCtx *logfile_ctx = LogFileNewCtx();
+ if (logfile_ctx == NULL) {
+ SCLogDebug("AlertFastLogInitCtx2: Could not create new LogFileCtx");
+ return NULL;
+ }
+
+ if (SCConfLogOpenGeneric(conf, logfile_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
+ LogFileFreeCtx(logfile_ctx);
+ return NULL;
+ }
+
+ OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
+ if (unlikely(output_ctx == NULL)) {
+ LogFileFreeCtx(logfile_ctx);
+ return NULL;
+ }
+
+ json_output_ctx = SCMalloc(sizeof(AlertJsonOutputCtx));
+ if (unlikely(json_output_ctx == NULL)) {
+ LogFileFreeCtx(logfile_ctx);
+ SCFree(output_ctx);
+ return NULL;
+ }
+ memset(json_output_ctx, 0, sizeof(AlertJsonOutputCtx));
+
+ json_output_ctx->file_ctx = logfile_ctx;
+
+ XffSetup(json_output_ctx, conf);
+
+ output_ctx->data = json_output_ctx;
+ output_ctx->DeInit = JsonAlertLogDeInitCtx;
+
+ return output_ctx;
+}
+
+/**
+ * \brief Create a new LogFileCtx for "fast" output style.
+ * \param conf The configuration node for this output.
+ * \return A LogFileCtx pointer on success, NULL on failure.
+ */
+static OutputCtx *JsonAlertLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
+{
+ OutputJsonCtx *ajt = parent_ctx->data;
+ AlertJsonOutputCtx *json_output_ctx = NULL;
+
+ OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
+ if (unlikely(output_ctx == NULL))
+ return NULL;
+
+ json_output_ctx = SCMalloc(sizeof(AlertJsonOutputCtx));
+ if (unlikely(json_output_ctx == NULL)) {
+ goto error;
+ }
+ memset(json_output_ctx, 0, sizeof(AlertJsonOutputCtx));
+
+ json_output_ctx->file_ctx = ajt->file_ctx;
+
+ XffSetup(json_output_ctx, conf);
 output_ctx->data = json_output_ctx;
 output_ctx->DeInit = JsonAlertLogDeInitCtxSub;
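Review bot: The doc comments on both re-added init functions still carry the fast-log wording and no longer describe the code. Each function returns an `OutputCtx *` whose `data` is an `AlertJsonOutputCtx`, not a `LogFileCtx`, and `JsonAlertLogInitCtxSub` documents no `parent_ctx` even though it dereferences `parent_ctx->data` on its first line. Suggested wording for the standalone function is `\brief Create the output context for a standalone alert JSON log.` with `\return An OutputCtx pointer on success, NULL on failure.`, and for the Sub variant an added `\param parent_ctx The eve-log parent context whose file_ctx is shared.` `JsonAlertLogInitCtxSub` continues past the end of this hunk, including the `error` label that its `goto` targets.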