From: Shivani Bhardwaj Date: Wed, 4 Oct 2023 07:44:41 +0000 (+0530) Subject: output/email: use SCCalloc for OutputJsonEmailCtx X-Git-Tag: suricata-6.0.15~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc53447b3d2dbeeffc44a99eb33a5e151a30c549;p=thirdparty%2Fsuricata.git output/email: use SCCalloc for OutputJsonEmailCtx email_ctx->fields only gets populated when smtp.custom setting is on. The fn EveEmailLogJSONCustom is called when either 1. smtp.extended setting is on or, 2. email_ctx->fields is populated which means smtp.custom setting is on In case neither of these are set in suricata.yaml, no call should ideally be made to the fn EveEmailLogJSONCustom. However, it turns out that email_ctx->fields is unset and then set only after the smtp config was found. This leads to email_ctx->fields sometimes contain value even when no config was given to the smtp section and can lead to unexpected output. Fix this by using SCCalloc while initializing OutputJsonEmailCtx struct instead of SCMalloc. Bug 6380 (cherry picked from commit 7406ac0fa595658c70ed3f13cf79656f2b0d290a) --- diff --git a/src/output-json-smtp.c b/src/output-json-smtp.c index e331b01023..2b57f2ebed 100644 --- a/src/output-json-smtp.c +++ b/src/output-json-smtp.c @@ -126,7 +126,7 @@ static OutputInitResult OutputSmtpLogInitSub(ConfNode *conf, OutputCtx *parent_c OutputInitResult result = { NULL, false }; OutputJsonCtx *ojc = parent_ctx->data; - OutputJsonEmailCtx *email_ctx = SCMalloc(sizeof(OutputJsonEmailCtx)); + OutputJsonEmailCtx *email_ctx = SCCalloc(1, sizeof(OutputJsonEmailCtx)); if (unlikely(email_ctx == NULL)) return result;