Attachment 2381 Details for Bug 2163 – sftp.c leak fix

[patch] sftp.c leak fix

bz2163-sftp.diff (text/plain), 2.55 KB, created by Damien Miller on 2013-12-05 10:55:07 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Damien Miller

Created: 2013-12-05 10:55:07 AEDT

Size: 2.55 KB

patch

obsolete

>Index: sftp-client.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sftp-client.c,v
>retrieving revision 1.110
>diff -u -p -r1.110 sftp-client.c
>--- sftp-client.c	4 Dec 2013 04:20:01 -0000	1.110
>+++ sftp-client.c	4 Dec 2013 23:54:17 -0000
>@@ -453,6 +453,10 @@ do_lsreaddir(struct sftp_conn *conn, cha
> 	Buffer msg;
> 	u_int count, type, id, handle_len, i, expected_id, ents = 0;
> 	char *handle;
>+	int status;
>+
>+	if (dir)
>+		*dir = NULL;
> 
> 	id = conn->msg_id++;
> 
>@@ -499,20 +503,12 @@ do_lsreaddir(struct sftp_conn *conn, cha
> 			fatal("ID mismatch (%u != %u)", id, expected_id);
> 
> 		if (type == SSH2_FXP_STATUS) {
>-			int status = buffer_get_int(&msg);
>-
>+			status = buffer_get_int(&msg);
> 			debug3("Received SSH2_FXP_STATUS %d", status);
>-
>-			if (status == SSH2_FX_EOF) {
>+			if (status == SSH2_FX_EOF)
> 				break;
>-			} else {
>-				error("Couldn't read directory: %s",
>-				    fx2txt(status));
>-				do_close(conn, handle, handle_len);
>-				free(handle);
>-				buffer_free(&msg);
>-				return(status);
>-			}
>+			error("Couldn't read directory: %s", fx2txt(status));
>+			goto out;
> 		} else if (type != SSH2_FXP_NAME)
> 			fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
> 			    SSH2_FXP_NAME, type);
>@@ -540,10 +536,7 @@ do_lsreaddir(struct sftp_conn *conn, cha
> 			if (strchr(filename, '/') != NULL) {
> 				error("Server sent suspect path \"%s\" "
> 				    "during readdir of \"%s\"", filename, path);
>-				goto next;
>-			}
>-
>-			if (dir) {
>+			} else if (dir) {
> 				*dir = xrealloc(*dir, ents + 2, sizeof(**dir));
> 				(*dir)[ents] = xcalloc(1, sizeof(***dir));
> 				(*dir)[ents]->filename = xstrdup(filename);
>@@ -551,24 +544,29 @@ do_lsreaddir(struct sftp_conn *conn, cha
> 				memcpy(&(*dir)[ents]->a, a, sizeof(*a));
> 				(*dir)[++ents] = NULL;
> 			}
>- next:
> 			free(filename);
> 			free(longname);
> 		}
> 	}
>+	status = 0;
> 
>+ out:
> 	buffer_free(&msg);
> 	do_close(conn, handle, handle_len);
> 	free(handle);
> 
>-	/* Don't return partial matches on interrupt */
>-	if (interrupted && dir != NULL && *dir != NULL) {
>+	if (status != 0 && dir != NULL) {
>+		/* Don't return results on error */
>+		free_sftp_dirents(*dir);
>+		*dir = NULL;
>+	} else if (interrupted && dir != NULL && *dir != NULL) {
>+		/* Don't return partial matches on interrupt */
> 		free_sftp_dirents(*dir);
> 		*dir = xcalloc(1, sizeof(**dir));
> 		**dir = NULL;
> 	}
> 
>-	return 0;
>+	return status;
> }
> 
> int
>@@ -581,6 +579,8 @@ void free_sftp_dirents(SFTP_DIRENT **s)
> {
> 	int i;
> 
>+	if (s == NULL)
>+		return;
> 	for (i = 0; s[i]; i++) {
> 		free(s[i]->filename);
> 		free(s[i]->longname);

Actions: View | Diff

Attachments on bug 2163: 2356 | 2357 | 2358 | 2359 | 2360 | 2361 | 2362 | 2363 | 2381