in_winetvlog: Handle buffer allocation error and not mapped error (#9011

) * in_winetvlog: Handle formatting and not mapped error properly --------- Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
fluent · Jun 27, 2024 · 13f96f9 · 13f96f9
1 parent 060418c
commit 13f96f9
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/plugins/in_winevtlog/pack.c b/plugins/in_winevtlog/pack.c
@@ -282,7 +282,9 @@ static int pack_sid(struct winevtlog_config *ctx, PSID sid, int extract_sid)
                                    &len, &sid_type)) {
                 err = GetLastError();
                 if (err == ERROR_NONE_MAPPED) {
-                    strcpy_s(account, MAX_NAME, "NONE_MAPPED");
+                    flb_plg_debug(ctx->ins, "AccountSid is not mapped. code: %u", err);
+
+                    goto not_mapped_error;
                 }
                 else {
                     flb_plg_warn(ctx->ins, "LookupAccountSid Error %u", err);
@@ -296,6 +298,8 @@ static int pack_sid(struct winevtlog_config *ctx, PSID sid, int extract_sid)
             if (formatted == NULL) {
                 flb_plg_warn(ctx->ins, "create result buffer failed");
 
+                ret = -1;
+
                 goto error;
             }
 
@@ -327,12 +331,17 @@ static int pack_sid(struct winevtlog_config *ctx, PSID sid, int extract_sid)
             return ret;
         }
 
-    error:
+    not_mapped_error:
         ret = pack_wstr(ctx, wide_sid);
 
         LocalFree(wide_sid);
 
-        return -1;
+        return ret;
+
+    error:
+        LocalFree(wide_sid);
+
+        return ret;
     }
 
     return ret;

diff --git a/plugins/in_winevtlog/winevtlog.c b/plugins/in_winevtlog/winevtlog.c
@@ -301,7 +301,7 @@ PWSTR get_message(EVT_HANDLE metadata, EVT_HANDLE handle, unsigned int *message_
     if (!buffer) {
         flb_error("failed to premalloc message buffer");
 
-        goto cleanup;
+        goto buffer_error;
     }
 
     // Get the size of the buffer
@@ -316,7 +316,7 @@ PWSTR get_message(EVT_HANDLE metadata, EVT_HANDLE handle, unsigned int *message_
                 flb_error("failed to malloc message buffer");
                 flb_free(previous_buffer);
 
-                goto cleanup;
+                goto buffer_error;
             }
 
             if (!EvtFormatMessage(metadata,
@@ -386,6 +386,8 @@ PWSTR get_message(EVT_HANDLE metadata, EVT_HANDLE handle, unsigned int *message_
         flb_free(buffer);
     }
 
+buffer_error:
+
     return message;
 }