Bug #8679
openapp-layer/smtp: check return value of FileAppendData in raw extraction mode
Description
In SMTPProcessCommandDATA() (src/app-layer-smtp.c), the return value of
FileAppendData() is ignored in the raw_extraction branch. When FileAppendData
fails (e.g. due to memory allocation failure in the streaming buffer), the
file silently transitions to FILE_STATE_ERROR without any diagnostic log
message. This leads to incomplete file inspection and potential missed
detections.
In 6 out of 7 other call sites in the codebase, the return value of
FileAppendData is checked. Neighbouring file operations in the same file
(FileOpenFileWithId, FileCloseFile) also explicitly handle errors.
Fix: store the return value and log a debug message on failure.
Flagged by Svace static analyzer (UNCHECKED_FUNC_RES.STAT).
DB Updated by Denis Balashov 10 days ago
- Description updated (diff)
LS Updated by Lukas Sismis 2 days ago
- Status changed from New to In Review
- Assignee set to Denis Balashov
- Target version changed from TBD to 9.0.0-beta1
- Label Needs backport to 7.0, Needs backport to 8.0 added
https://github.com/OISF/suricata/pull/15721
This deserves to update and evaluate the one C use and multiple Rust uses of this function.
OT Updated by OISF Ticketbot 2 days ago
- Subtask #8708 added
OT Updated by OISF Ticketbot 2 days ago
- Label deleted (
Needs backport to 8.0)
OT Updated by OISF Ticketbot 2 days ago
- Subtask #8709 added
OT Updated by OISF Ticketbot 2 days ago
- Label deleted (
Needs backport to 7.0)