Project

General

Profile

Actions

Bug #8679

open
DB DB

app-layer/smtp: check return value of FileAppendData in raw extraction mode

Bug #8679: app-layer/smtp: check return value of FileAppendData in raw extraction mode

Added by Denis Balashov 10 days ago. Updated 2 days ago.

Status:
In Review
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

In SMTPProcessCommandDATA() (src/app-layer-smtp.c), the return value of
FileAppendData() is ignored in the raw_extraction branch. When FileAppendData
fails (e.g. due to memory allocation failure in the streaming buffer), the
file silently transitions to FILE_STATE_ERROR without any diagnostic log
message. This leads to incomplete file inspection and potential missed
detections.

In 6 out of 7 other call sites in the codebase, the return value of
FileAppendData is checked. Neighbouring file operations in the same file
(FileOpenFileWithId, FileCloseFile) also explicitly handle errors.

Fix: store the return value and log a debug message on failure.

Flagged by Svace static analyzer (UNCHECKED_FUNC_RES.STAT).

PR: https://github.com/OISF/suricata/pull/15721


Subtasks 2 (2 open0 closed)

Bug #8708: app-layer/smtp: check return value of FileAppendData in raw extraction mode (8.0.x backport)AssignedOISF DevActions
Bug #8709: app-layer/smtp: check return value of FileAppendData in raw extraction mode (7.0.x backport)AssignedOISF DevActions
Actions

Also available in: PDF Atom