output-json-alert: fix segfault when alerts separated out from eve-log.

10 years ago · 4db3a0f0b4
parent f7c568d1b2
commit 4db3a0f0b4
1 changed files with 80 additions and 51 deletions
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@ -333,7 +333,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
        HttpXFFCfg *xff_cfg = json_output_ctx->xff_cfg;

        /* xff header */
-        if (!(xff_cfg->flags & XFF_DISABLED) && p->flow != NULL) {
+        if ((xff_cfg != NULL) && !(xff_cfg->flags & XFF_DISABLED) && p->flow != NULL) {
            int have_xff_ip = 0;
            char buffer[XFF_MAXLEN];

@ -513,9 +513,15 @@ static TmEcode JsonAlertLogThreadDeinit(ThreadVars *t, void *data)

 static void JsonAlertLogDeInitCtx(OutputCtx *output_ctx)
 {
-    SCLogDebug("cleaning up output_ctx");
-    LogFileCtx *logfile_ctx = (LogFileCtx *)output_ctx->data;
-    LogFileFreeCtx(logfile_ctx);
+    AlertJsonOutputCtx *json_output_ctx = (AlertJsonOutputCtx *) output_ctx->data;
+    if (json_output_ctx != NULL) {
+        HttpXFFCfg *xff_cfg = json_output_ctx->xff_cfg;
+        if (xff_cfg != NULL) {
+            SCFree(xff_cfg);
+        }
+        LogFileFreeCtx(json_output_ctx->file_ctx);
+        SCFree(json_output_ctx);
+    }
    SCFree(output_ctx);
 }

@ -538,61 +544,16 @@ static void JsonAlertLogDeInitCtxSub(OutputCtx *output_ctx)

 #define DEFAULT_LOG_FILENAME "alert.json"

-/**
- * \brief Create a new LogFileCtx for "fast" output style.
- * \param conf The configuration node for this output.
- * \return A LogFileCtx pointer on success, NULL on failure.
- */
-static OutputCtx *JsonAlertLogInitCtx(ConfNode *conf)
-{
-    LogFileCtx *logfile_ctx = LogFileNewCtx();
-    if (logfile_ctx == NULL) {
-        SCLogDebug("AlertFastLogInitCtx2: Could not create new LogFileCtx");
-        return NULL;
-    }
-
-    if (SCConfLogOpenGeneric(conf, logfile_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
-        LogFileFreeCtx(logfile_ctx);
-        return NULL;
-    }
-
-    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
-    if (unlikely(output_ctx == NULL))
-        return NULL;
-    output_ctx->data = logfile_ctx;
-    output_ctx->DeInit = JsonAlertLogDeInitCtx;
-
-    return output_ctx;
-}
-
-/**
- * \brief Create a new LogFileCtx for "fast" output style.
- * \param conf The configuration node for this output.
- * \return A LogFileCtx pointer on success, NULL on failure.
- */
-static OutputCtx *JsonAlertLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
+static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf)
 {
-    OutputJsonCtx *ajt = parent_ctx->data;
-    AlertJsonOutputCtx *json_output_ctx = NULL;
    HttpXFFCfg *xff_cfg = NULL;

-    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
-    if (unlikely(output_ctx == NULL))
-        return NULL;
-
-    json_output_ctx = SCMalloc(sizeof(AlertJsonOutputCtx));
-    if (unlikely(json_output_ctx == NULL)) {
-        goto error;
-    }
-    memset(json_output_ctx, 0, sizeof(AlertJsonOutputCtx));
-
    xff_cfg = SCMalloc(sizeof(HttpXFFCfg));
    if (unlikely(xff_cfg == NULL)) {
-        goto error;
+        return;
    }
    memset(xff_cfg, 0, sizeof(HttpXFFCfg));

-    json_output_ctx->file_ctx = ajt->file_ctx;
    json_output_ctx->xff_cfg = xff_cfg;

    if (conf != NULL) {
@ -642,6 +603,74 @@ static OutputCtx *JsonAlertLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)

        HttpXFFGetCfg(conf, xff_cfg);
    }
+}
+
+/**
+ * \brief Create a new LogFileCtx for "fast" output style.
+ * \param conf The configuration node for this output.
+ * \return A LogFileCtx pointer on success, NULL on failure.
+ */
+static OutputCtx *JsonAlertLogInitCtx(ConfNode *conf)
+{
+    AlertJsonOutputCtx *json_output_ctx = NULL;
+    LogFileCtx *logfile_ctx = LogFileNewCtx();
+    if (logfile_ctx == NULL) {
+        SCLogDebug("AlertFastLogInitCtx2: Could not create new LogFileCtx");
+        return NULL;
+    }
+
+    if (SCConfLogOpenGeneric(conf, logfile_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
+        LogFileFreeCtx(logfile_ctx);
+        return NULL;
+    }
+
+    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
+    if (unlikely(output_ctx == NULL)) {
+        LogFileFreeCtx(logfile_ctx);
+        return NULL;
+    }
+
+    json_output_ctx = SCMalloc(sizeof(AlertJsonOutputCtx));
+    if (unlikely(json_output_ctx == NULL)) {
+        LogFileFreeCtx(logfile_ctx);
+        SCFree(output_ctx);
+        return NULL;
+    }
+    memset(json_output_ctx, 0, sizeof(AlertJsonOutputCtx));
+
+    json_output_ctx->file_ctx = logfile_ctx;
+
+    XffSetup(json_output_ctx, conf);
+
+    output_ctx->data = json_output_ctx;
+    output_ctx->DeInit = JsonAlertLogDeInitCtx;
+
+    return output_ctx;
+}
+
+/**
+ * \brief Create a new LogFileCtx for "fast" output style.
+ * \param conf The configuration node for this output.
+ * \return A LogFileCtx pointer on success, NULL on failure.
+ */
+static OutputCtx *JsonAlertLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
+{
+    OutputJsonCtx *ajt = parent_ctx->data;
+    AlertJsonOutputCtx *json_output_ctx = NULL;
+
+    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
+    if (unlikely(output_ctx == NULL))
+        return NULL;
+
+    json_output_ctx = SCMalloc(sizeof(AlertJsonOutputCtx));
+    if (unlikely(json_output_ctx == NULL)) {
+        goto error;
+    }
+    memset(json_output_ctx, 0, sizeof(AlertJsonOutputCtx));
+
+    json_output_ctx->file_ctx = ajt->file_ctx;
+
+    XffSetup(json_output_ctx, conf);

    output_ctx->data = json_output_ctx;
    output_ctx->DeInit = JsonAlertLogDeInitCtxSub;