From 13f96f940ec6fd8097ed5f978e4f6e816e24a970 Mon Sep 17 00:00:00 2001
From: Hiroshi Hatake <hiroshi@chronosphere.io>
Date: Fri, 28 Jun 2024 04:49:10 +0900
Subject: [PATCH] in_winetvlog: Handle buffer allocation error and not mapped
 error (#9011)

* in_winetvlog: Handle formatting and not mapped error properly

---------

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
---
 plugins/in_winevtlog/pack.c      | 15 ++++++++++++---
 plugins/in_winevtlog/winevtlog.c |  6 ++++--
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/plugins/in_winevtlog/pack.c b/plugins/in_winevtlog/pack.c
index 0a03e83dbf8..97dacce822e 100644
--- a/plugins/in_winevtlog/pack.c
+++ b/plugins/in_winevtlog/pack.c
@@ -282,7 +282,9 @@ static int pack_sid(struct winevtlog_config *ctx, PSID sid, int extract_sid)
                                    &len, &sid_type)) {
                 err = GetLastError();
                 if (err == ERROR_NONE_MAPPED) {
-                    strcpy_s(account, MAX_NAME, "NONE_MAPPED");
+                    flb_plg_debug(ctx->ins, "AccountSid is not mapped. code: %u", err);
+
+                    goto not_mapped_error;
                 }
                 else {
                     flb_plg_warn(ctx->ins, "LookupAccountSid Error %u", err);
@@ -296,6 +298,8 @@ static int pack_sid(struct winevtlog_config *ctx, PSID sid, int extract_sid)
             if (formatted == NULL) {
                 flb_plg_warn(ctx->ins, "create result buffer failed");
 
+                ret = -1;
+
                 goto error;
             }
 
@@ -327,12 +331,17 @@ static int pack_sid(struct winevtlog_config *ctx, PSID sid, int extract_sid)
             return ret;
         }
 
-    error:
+    not_mapped_error:
         ret = pack_wstr(ctx, wide_sid);
 
         LocalFree(wide_sid);
 
-        return -1;
+        return ret;
+
+    error:
+        LocalFree(wide_sid);
+
+        return ret;
     }
 
     return ret;
diff --git a/plugins/in_winevtlog/winevtlog.c b/plugins/in_winevtlog/winevtlog.c
index 90c3b19b13d..d5fc6fa42a2 100644
--- a/plugins/in_winevtlog/winevtlog.c
+++ b/plugins/in_winevtlog/winevtlog.c
@@ -301,7 +301,7 @@ PWSTR get_message(EVT_HANDLE metadata, EVT_HANDLE handle, unsigned int *message_
     if (!buffer) {
         flb_error("failed to premalloc message buffer");
 
-        goto cleanup;
+        goto buffer_error;
     }
 
     // Get the size of the buffer
@@ -316,7 +316,7 @@ PWSTR get_message(EVT_HANDLE metadata, EVT_HANDLE handle, unsigned int *message_
                 flb_error("failed to malloc message buffer");
                 flb_free(previous_buffer);
 
-                goto cleanup;
+                goto buffer_error;
             }
 
             if (!EvtFormatMessage(metadata,
@@ -386,6 +386,8 @@ PWSTR get_message(EVT_HANDLE metadata, EVT_HANDLE handle, unsigned int *message_
         flb_free(buffer);
     }
 
+buffer_error:
+
     return message;
 }