summaryrefslogtreecommitdiff
path: root/lib/tftp.c
diff options
context:
space:
mode:
authorEven Rouault <even.rouault@spatialys.com>2017-08-19 16:33:32 +0200
committerDaniel Stenberg <daniel@haxx.se>2017-08-19 23:26:30 +0200
commit16c71fafb922177f586af791e1752a1bc4d9eae2 (patch)
tree3be70777cf0d740720db48ef819ec42ab603841b /lib/tftp.c
parentb9e22e9575d72b5bb5f5f8de79ca51af96b37b54 (diff)
downloadcurl-16c71fafb922177f586af791e1752a1bc4d9eae2.tar.gz
tftp: fix memory leak on too long filename
Fixes $ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz ==9752== Memcheck, a memory error detector ==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz ==9752== curl: (71) TFTP file name too long ==9752== ==9752== HEAP SUMMARY: ==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11 ==9752== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9752== by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) ==9752== by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) ==9752== by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) ==9752== by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) ==9752== by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) ==9752== by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) ==9752== by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl) ==9752== by 0x40E849: operate (in /home/even/install-curl-git/bin/curl) ==9752== by 0x402693: main (in /home/even/install-curl-git/bin/curl) Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568 Credit to OSS Fuzz Closes #1808
Diffstat (limited to 'lib/tftp.c')
-rw-r--r--lib/tftp.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/tftp.c b/lib/tftp.c
index f6f4bce5b..6477e64ed 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -493,6 +493,7 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
if(strlen(filename) > (state->blksize - strlen(mode) - 4)) {
failf(data, "TFTP file name too long\n");
+ free(filename);
return CURLE_TFTP_ILLEGAL; /* too long file name field */
}