authorMax Dymond <cmeister2@gmail.com>2017-10-25 15:52:43 +0100
committerDaniel Stenberg <daniel@haxx.se>2017-10-25 18:44:47 +0200
commitf786d1f1433aef0cefb66432d6ed0f833c5ed90f (patch)
tree1b61210fe5566af845ddfd4b311af84917205c94
parentb9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0 (diff)
downloadcurl-f786d1f1433aef0cefb66432d6ed0f833c5ed90f.tar.gz
ftplistparser: free off temporary memory always
When using the FTP list parser, ensure that the memory that's allocated is always freed. Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682 Closes #2013
-rw-r--r--lib/ftplistparser.c92
1 files changed, 51 insertions, 41 deletions
diff --git a/lib/ftplistparser.c b/lib/ftplistparser.c
index b2a8c0fdb..58a49722b 100644
--- a/lib/ftplistparser.c
+++ b/lib/ftplistparser.c
@@ -338,6 +338,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
struct curl_fileinfo *finfo;
unsigned long i = 0;
CURLcode result;
+ size_t retsize = bufflen;
if(parser->error) { /* error in previous call */
/* scenario:
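Review bot: `retsize` is introduced without a comment, although its value is now the function's only channel for reporting status on every exit path. It starts as `bufflen` here and is changed only in the outer `default:` case of the last hunk, which sets it to `bufflen + 1`, presumably so that the caller sees a size mismatch and aborts the transfer. A short comment on the declaration would make that contract explicit, for example `/* returned to the caller: bufflen when the chunk was consumed, bufflen + 1 to signal a fatal parser state */`. The function body starts and ends outside this hunk.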
@@ -346,7 +347,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
* 3. (last) call => is skipped RIGHT HERE and the error is hadled later
* in wc_statemach()
*/
- return bufflen;
+ goto EXIT_LABEL;
}
if(parser->os_type == OS_TYPE_UNKNOWN && bufflen > 0) {
@@ -362,12 +363,12 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->file_data = Curl_fileinfo_alloc();
if(!parser->file_data) {
parser->error = CURLE_OUT_OF_MEMORY;
- return bufflen;
+ goto EXIT_LABEL;
}
parser->file_data->info.b_data = malloc(FTP_BUFFER_ALLOCSIZE);
if(!parser->file_data->info.b_data) {
PL_ERROR(conn, CURLE_OUT_OF_MEMORY);
- return bufflen;
+ goto EXIT_LABEL;
}
parser->file_data->info.b_size = FTP_BUFFER_ALLOCSIZE;
parser->item_offset = 0;
@@ -391,7 +392,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->file_data = NULL;
parser->error = CURLE_OUT_OF_MEMORY;
PL_ERROR(conn, CURLE_OUT_OF_MEMORY);
- return bufflen;
+ goto EXIT_LABEL;
}
}
@@ -430,14 +431,14 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
endptr++;
if(*endptr != 0) {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
parser->state.UNIX.main = PL_UNIX_FILETYPE;
finfo->b_used = 0;
}
else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
}
break;
@@ -471,7 +472,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
break;
default:
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
parser->state.UNIX.main = PL_UNIX_PERMISSION;
parser->item_length = 0;
@@ -482,20 +483,20 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
if(parser->item_length <= 9) {
if(!strchr("rwx-tTsS", c)) {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
}
else if(parser->item_length == 10) {
unsigned int perm;
if(c != ' ') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
finfo->b_data[10] = 0; /* terminate permissions */
perm = ftp_pl_get_permission(finfo->b_data + parser->item_offset);
if(perm & FTP_LP_MALFORMATED_PERM) {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
parser->file_data->info.flags |= CURLFINFOFLAG_KNOWN_PERM;
parser->file_data->info.perm = perm;
@@ -517,7 +518,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
}
break;
@@ -539,7 +540,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else if(c < '0' || c > '9') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
break;
}
@@ -599,7 +600,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
}
break;
@@ -624,7 +625,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else if(!ISDIGIT(c)) {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
break;
}
@@ -640,7 +641,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
}
break;
@@ -651,7 +652,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else if(!ISALNUM(c) && c != '.') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
break;
case PL_UNIX_TIME_PREPART2:
@@ -662,7 +663,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
}
break;
@@ -673,7 +674,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else if(!ISALNUM(c) && c != '.') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
break;
case PL_UNIX_TIME_PREPART3:
@@ -684,7 +685,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
}
break;
@@ -709,7 +710,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else if(!ISALNUM(c) && c != '.' && c != ':') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
break;
}
@@ -735,7 +736,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
result = ftp_pl_insert_finfo(conn, infop);
if(result) {
PL_ERROR(conn, result);
- return bufflen;
+ goto EXIT_LABEL;
}
}
break;
@@ -747,12 +748,12 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
result = ftp_pl_insert_finfo(conn, infop);
if(result) {
PL_ERROR(conn, result);
- return bufflen;
+ goto EXIT_LABEL;
}
}
else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
break;
}
@@ -773,7 +774,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else if(c == '\r' || c == '\n') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
break;
case PL_UNIX_SYMLINK_PRETARGET1:
@@ -783,7 +784,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else if(c == '\r' || c == '\n') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
else {
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
@@ -796,7 +797,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else if(c == '\r' || c == '\n') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
else {
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
@@ -814,7 +815,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else if(c == '\r' || c == '\n') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
else {
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
@@ -828,7 +829,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
break;
case PL_UNIX_SYMLINK_TARGET:
@@ -842,7 +843,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
result = ftp_pl_insert_finfo(conn, infop);
if(result) {
PL_ERROR(conn, result);
- return bufflen;
+ goto EXIT_LABEL;
}
parser->state.UNIX.main = PL_UNIX_FILETYPE;
}
@@ -854,13 +855,13 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
result = ftp_pl_insert_finfo(conn, infop);
if(result) {
PL_ERROR(conn, result);
- return bufflen;
+ goto EXIT_LABEL;
}
parser->state.UNIX.main = PL_UNIX_FILETYPE;
}
else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
break;
}
@@ -874,7 +875,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
if(parser->item_length < 9) {
if(!strchr("0123456789-", c)) { /* only simple control */
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
}
else if(parser->item_length == 9) {
@@ -884,12 +885,12 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
}
else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
break;
case PL_WINNT_TIME:
@@ -910,7 +911,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else if(!strchr("APM0123456789:", c)) {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
break;
}
@@ -941,7 +942,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->item_offset,
&endptr, 10, &finfo->size)) {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
/* correct file type */
parser->file_data->info.filetype = CURLFILETYPE_FILE;
@@ -977,7 +978,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
result = ftp_pl_insert_finfo(conn, infop);
if(result) {
PL_ERROR(conn, result);
- return bufflen;
+ goto EXIT_LABEL;
}
parser->state.NT.main = PL_WINNT_DATE;
parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE;
@@ -989,14 +990,14 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
result = ftp_pl_insert_finfo(conn, infop);
if(result) {
PL_ERROR(conn, result);
- return bufflen;
+ goto EXIT_LABEL;
}
parser->state.NT.main = PL_WINNT_DATE;
parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE;
}
else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ goto EXIT_LABEL;
}
break;
}
@@ -1004,13 +1005,22 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
break;
default:
- return bufflen + 1;
+ retsize = bufflen + 1;
+ goto EXIT_LABEL;
}
i++;
}
- return bufflen;
+EXIT_LABEL:
+
+ /* Clean up any allocated memory. */
+ if(parser->file_data != NULL) {
+ Curl_fileinfo_dtor(NULL, parser->file_data);
+ parser->file_data = NULL;
+ }
+
+ return retsize;
}
#endif /* CURL_DISABLE_FTP */
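Review bot: The cleanup under `EXIT_LABEL:` also runs on the normal end-of-buffer path, because the old `return bufflen;` after the loop was removed and control now falls through into the label. The comment near the top of the function describes it being called several times for one listing, and the allocation hunk creates `parser->file_data` and resets `parser->item_offset` together, so freeing `file_data` after every chunk would presumably discard an entry that is split across two calls while `parser->state` still points mid-entry. Since the listing is controlled by the server, that possible desynchronisation deserves a test that feeds the same listing in small pieces and compares the result with a single-call parse. Keeping a plain `return retsize;` immediately before `EXIT_LABEL:` would limit the free to the `goto` paths. Where a final partial entry is released at the end of the transfer is not visible here, and the function body starts outside this hunk.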