in_winevtlog: Handle formatting and not mapped error properly

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
fluent · Jun 27, 2024 · 45eff69 · 45eff69
1 parent eb96c34
commit 45eff69
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/plugins/in_winevtlog/pack.c b/plugins/in_winevtlog/pack.c
@@ -282,7 +282,9 @@ static int pack_sid(struct winevtlog_config *ctx, PSID sid, int extract_sid)
                                    &len, &sid_type)) {
                 err = GetLastError();
                 if (err == ERROR_NONE_MAPPED) {
-                    strcpy_s(account, MAX_NAME, "NONE_MAPPED");
+                    flb_plg_debug(ctx->ins, "AccountSid is not mapped. code: %u", err);
+
+                    goto not_mapped_error;
                 }
                 else {
                     flb_plg_warn(ctx->ins, "LookupAccountSid Error %u", err);
@@ -296,6 +298,8 @@ static int pack_sid(struct winevtlog_config *ctx, PSID sid, int extract_sid)
             if (formatted == NULL) {
                 flb_plg_warn(ctx->ins, "create result buffer failed");
 
+                ret = -1;
+
                 goto error;
             }
 
@@ -327,12 +331,17 @@ static int pack_sid(struct winevtlog_config *ctx, PSID sid, int extract_sid)
             return ret;
         }
 
-    error:
+    not_mapped_error:
         ret = pack_wstr(ctx, wide_sid);
 
         LocalFree(wide_sid);
 
-        return -1;
+        return ret;
+
+    error:
+        LocalFree(wide_sid);
+
+        return ret;
     }
 
     return ret;