Project

General

Profile

Actions

Bug #8679

open
DB DB

app-layer/smtp: check return value of FileAppendData in raw extraction mode

Bug #8679: app-layer/smtp: check return value of FileAppendData in raw extraction mode

Added by Denis Balashov 10 days ago. Updated 2 days ago.

Status:
In Review
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

In SMTPProcessCommandDATA() (src/app-layer-smtp.c), the return value of
FileAppendData() is ignored in the raw_extraction branch. When FileAppendData
fails (e.g. due to memory allocation failure in the streaming buffer), the
file silently transitions to FILE_STATE_ERROR without any diagnostic log
message. This leads to incomplete file inspection and potential missed
detections.

In 6 out of 7 other call sites in the codebase, the return value of
FileAppendData is checked. Neighbouring file operations in the same file
(FileOpenFileWithId, FileCloseFile) also explicitly handle errors.

Fix: store the return value and log a debug message on failure.

Flagged by Svace static analyzer (UNCHECKED_FUNC_RES.STAT).

PR: https://github.com/OISF/suricata/pull/15721


Subtasks 2 (2 open0 closed)

Bug #8708: app-layer/smtp: check return value of FileAppendData in raw extraction mode (8.0.x backport)AssignedOISF DevActions
Bug #8709: app-layer/smtp: check return value of FileAppendData in raw extraction mode (7.0.x backport)AssignedOISF DevActions

DB Updated by Denis Balashov 10 days ago Actions #1

  • Description updated (diff)

LS Updated by Lukas Sismis 2 days ago Actions #2

  • Status changed from New to In Review
  • Assignee set to Denis Balashov
  • Target version changed from TBD to 9.0.0-beta1
  • Label Needs backport to 7.0, Needs backport to 8.0 added

https://github.com/OISF/suricata/pull/15721

This deserves to update and evaluate the one C use and multiple Rust uses of this function.

OT Updated by OISF Ticketbot 2 days ago Actions #3

  • Subtask #8708 added

OT Updated by OISF Ticketbot 2 days ago Actions #4

  • Label deleted (Needs backport to 8.0)

OT Updated by OISF Ticketbot 2 days ago Actions #5

  • Subtask #8709 added

OT Updated by OISF Ticketbot 2 days ago Actions #6

  • Label deleted (Needs backport to 7.0)
Actions

Also available in: PDF Atom