From: Philippe Antoine Date: Tue, 9 Mar 2021 14:22:47 +0000 (+0100) Subject: dnp3: fixes use after realloc/free in output X-Git-Tag: suricata-6.0.3~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dedfa602dd6663290790c9d25dea3fa66878597d;p=thirdparty%2Fsuricata.git dnp3: fixes use after realloc/free in output OutputJsonBuilderBuffer can realloc the buffer So, we need to give it the right reference --- diff --git a/src/output-json-dnp3.c b/src/output-json-dnp3.c index 9292b1387e..7b2a7192e4 100644 --- a/src/output-json-dnp3.c +++ b/src/output-json-dnp3.c @@ -218,9 +218,7 @@ static int JsonDNP3LoggerToServer(ThreadVars *tv, void *thread_data, LogDNP3LogThread *thread = (LogDNP3LogThread *)thread_data; DNP3Transaction *tx = vtx; - MemBuffer *buffer = (MemBuffer *)thread->buffer; - - MemBufferReset(buffer); + MemBufferReset(thread->buffer); if (tx->has_request && tx->request_done) { JsonBuilder *js = CreateEveHeader(p, LOG_DIR_FLOW, "dnp3", NULL); if (unlikely(js == NULL)) { @@ -232,7 +230,7 @@ static int JsonDNP3LoggerToServer(ThreadVars *tv, void *thread_data, jb_open_object(js, "dnp3"); JsonDNP3LogRequest(js, tx); jb_close(js); - OutputJsonBuilderBuffer(js, thread->file_ctx, &buffer); + OutputJsonBuilderBuffer(js, thread->file_ctx, &thread->buffer); jb_free(js); } @@ -246,9 +244,7 @@ static int JsonDNP3LoggerToClient(ThreadVars *tv, void *thread_data, LogDNP3LogThread *thread = (LogDNP3LogThread *)thread_data; DNP3Transaction *tx = vtx; - MemBuffer *buffer = (MemBuffer *)thread->buffer; - - MemBufferReset(buffer); + MemBufferReset(thread->buffer); if (tx->has_response && tx->response_done) { JsonBuilder *js = CreateEveHeader(p, LOG_DIR_FLOW, "dnp3", NULL); if (unlikely(js == NULL)) { @@ -259,7 +255,7 @@ static int JsonDNP3LoggerToClient(ThreadVars *tv, void *thread_data, jb_open_object(js, "dnp3"); JsonDNP3LogResponse(js, tx); jb_close(js); - OutputJsonBuilderBuffer(js, thread->file_ctx, &buffer); + OutputJsonBuilderBuffer(js, thread->file_ctx, &thread->buffer); jb_free(js); }