From e4e3d35f22b1410c3eaa983a1c08f9931d686622 Mon Sep 17 00:00:00 2001
From: "Bhumika Sachdeva (bsachdev)" <bsachdev@cisco.com>
Date: Mon, 28 Apr 2025 20:04:17 +0000
Subject: [PATCH] Pull request #4708: appid: fixed crash while printing appid
 debug

Merge in SNORT/snort3 from ~BSACHDEV/snort3:crash_shadow_traffic_fix to master

Squashed commit of the following:

commit 565bd492cad3143672f4d3c6cd4ab425dfe81305
Author: bsachdev <bsachdev@cisco.com>
Date:   Mon Apr 21 12:53:15 2025 -0400

    appid: fixed crash while printing appid debug
---
 src/network_inspectors/appid/appid_debug.h    |  2 ++
 src/network_inspectors/appid/appid_session.cc | 10 ++++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/network_inspectors/appid/appid_debug.h b/src/network_inspectors/appid/appid_debug.h
index 92f2d5b0b..e61d82ea6 100644
--- a/src/network_inspectors/appid/appid_debug.h
+++ b/src/network_inspectors/appid/appid_debug.h
@@ -42,6 +42,8 @@ namespace snort
 }
 
 #define CURRENT_PACKET snort::DetectionEngine::get_current_packet()
+#define SAFE_CURRENT_PACKET ((Analyzer::get_local_analyzer() && snort::DetectionEngine::get_context()) ? \
+                     snort::DetectionEngine::get_current_packet() : nullptr)
 
 void appid_log(const snort::Packet*, const uint8_t log_level, const char*, ...);
 
diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index 45827a341..be52d3349 100644
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -1218,10 +1218,16 @@ void AppIdSession::publish_shadow_traffic_event(const uint32_t &shadow_traffic_b
     const char* app_name;
     unsigned shadow_traffic_pub_id = 0;
     std::string str_print;
+    Packet* curr_packet = nullptr;
 
     AppId publishing_appid = get_shadow_traffic_publishing_appid();
     app_name = api.asd->get_odp_ctxt().get_app_info_mgr().get_app_name(publishing_appid);
 
+    if ((appidDebug and appidDebug->is_active()) || (appid_trace_enabled))
+    {
+        curr_packet = SAFE_CURRENT_PACKET;
+    }
+
     if (app_name == nullptr)
     {
         if ((shadow_traffic_bits & ShadowTraffic_Type_Domain_Fronting) && 
@@ -1231,7 +1237,7 @@ void AppIdSession::publish_shadow_traffic_event(const uint32_t &shadow_traffic_b
         }
         else 
         {
-            APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL,"Appname is invalid, not publishing shadow traffic event without appname\n");
+            APPID_LOG(curr_packet, TRACE_DEBUG_LEVEL,"Appname is invalid, not publishing shadow traffic event without appname\n");
             return; 
         }
     }
@@ -1244,7 +1250,7 @@ void AppIdSession::publish_shadow_traffic_event(const uint32_t &shadow_traffic_b
     if (appidDebug and appidDebug->is_active())
         change_shadow_traffic_bits_to_string(shadow_traffic_bits, str_print);
     
-    APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, 
+    APPID_LOG(curr_packet, TRACE_DEBUG_LEVEL, 
         "AppID: ShadowTraffic Published event for: %s, application_name: %s(%d)\n", 
         str_print.c_str(), app_name, publishing_appid);
 } 
-- 
2.47.2