Actions
Bug #8679
open
DB
DB
app-layer/smtp: check return value of FileAppendData in raw extraction mode
Bug #8679:
app-layer/smtp: check return value of FileAppendData in raw extraction mode
Affected Versions:
Effort:
Difficulty:
Label:
Description
In SMTPProcessCommandDATA() (src/app-layer-smtp.c), the return value of
FileAppendData() is ignored in the raw_extraction branch. When FileAppendData
fails (e.g. due to memory allocation failure in the streaming buffer), the
file silently transitions to FILE_STATE_ERROR without any diagnostic log
message. This leads to incomplete file inspection and potential missed
detections.
In 6 out of 7 other call sites in the codebase, the return value of
FileAppendData is checked. Neighbouring file operations in the same file
(FileOpenFileWithId, FileCloseFile) also explicitly handle errors.
Fix: store the return value and log a debug message on failure.
Flagged by Svace static analyzer (UNCHECKED_FUNC_RES.STAT).
Actions