From: Shivani Bhardwaj Date: Wed, 4 Oct 2023 07:44:41 +0000 (+0530) Subject: output/email: use SCCalloc for OutputJsonEmailCtx X-Git-Tag: suricata-7.0.2~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7406ac0fa595658c70ed3f13cf79656f2b0d290a;p=thirdparty%2Fsuricata.git output/email: use SCCalloc for OutputJsonEmailCtx email_ctx->fields only gets populated when smtp.custom setting is on. The fn EveEmailLogJSONCustom is called when either 1. smtp.extended setting is on or, 2. email_ctx->fields is populated which means smtp.custom setting is on In case neither of these are set in suricata.yaml, no call should ideally be made to the fn EveEmailLogJSONCustom. However, it turns out that email_ctx->fields is unset and then set only after the smtp config was found. This leads to email_ctx->fields sometimes contain value even when no config was given to the smtp section and can lead to unexpected output. Fix this by using SCCalloc while initializing OutputJsonEmailCtx struct instead of SCMalloc. Bug 6380 --- diff --git a/src/output-json-smtp.c b/src/output-json-smtp.c index cc30039075..f7674687c5 100644 --- a/src/output-json-smtp.c +++ b/src/output-json-smtp.c @@ -122,7 +122,7 @@ static OutputInitResult OutputSmtpLogInitSub(ConfNode *conf, OutputCtx *parent_c OutputInitResult result = { NULL, false }; OutputJsonCtx *ojc = parent_ctx->data; - OutputJsonEmailCtx *email_ctx = SCMalloc(sizeof(OutputJsonEmailCtx)); + OutputJsonEmailCtx *email_ctx = SCCalloc(1, sizeof(OutputJsonEmailCtx)); if (unlikely(email_ctx == NULL)) return result;