From 7406ac0fa595658c70ed3f13cf79656f2b0d290a Mon Sep 17 00:00:00 2001 From: Shivani Bhardwaj Date: Wed, 4 Oct 2023 13:14:41 +0530 Subject: [PATCH] output/email: use SCCalloc for OutputJsonEmailCtx email_ctx->fields only gets populated when smtp.custom setting is on. The fn EveEmailLogJSONCustom is called when either 1. smtp.extended setting is on or, 2. email_ctx->fields is populated which means smtp.custom setting is on In case neither of these are set in suricata.yaml, no call should ideally be made to the fn EveEmailLogJSONCustom. However, it turns out that email_ctx->fields is unset and then set only after the smtp config was found. This leads to email_ctx->fields sometimes contain value even when no config was given to the smtp section and can lead to unexpected output. Fix this by using SCCalloc while initializing OutputJsonEmailCtx struct instead of SCMalloc. Bug 6380 --- src/output-json-smtp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/output-json-smtp.c b/src/output-json-smtp.c index cc3003907585..f7674687c5c4 100644 --- a/src/output-json-smtp.c +++ b/src/output-json-smtp.c @@ -122,7 +122,7 @@ static OutputInitResult OutputSmtpLogInitSub(ConfNode *conf, OutputCtx *parent_c OutputInitResult result = { NULL, false }; OutputJsonCtx *ojc = parent_ctx->data; - OutputJsonEmailCtx *email_ctx = SCMalloc(sizeof(OutputJsonEmailCtx)); + OutputJsonEmailCtx *email_ctx = SCCalloc(1, sizeof(OutputJsonEmailCtx)); if (unlikely(email_ctx == NULL)) return result;