Bug #8679
Updated by Denis Balashov 10 days ago
In SMTPProcessCommandDATA() (src/app-layer-smtp.c), the return value of FileAppendData() is ignored in the raw_extraction branch. When FileAppendData fails (e.g. due to memory allocation failure in the streaming buffer), the file silently transitions to FILE_STATE_ERROR without any diagnostic log message. This leads to incomplete file inspection and potential missed detections. In 6 out of 7 other call sites in the codebase, the return value of FileAppendData is checked. Neighbouring file operations in the same file (FileOpenFileWithId, FileCloseFile) also explicitly handle errors. Fix: store the return value and log a debug message on failure. Flagged by Svace static analyzer (UNCHECKED_FUNC_RES.STAT). PR: https://github.com/OISF/suricata/pull/15721