cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: ftp->prevpath bug?

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Thu, 16 Dec 2004 17:09:02 -0800

On Thu, Dec 16, 2004 at 11:04:36PM +0100, Gisle Vanem wrote:
> + if (conn->path) {
> + path = curl_unescape(conn->path, 0);
> + if(!path)
> + return CURLE_OUT_OF_MEMORY;
> + }
> + else
> + path = NULL;
> +
> + flen = ftp->file ? strlen(ftp->file) : 0;
> + dlen = path ? strlen(path)-flen : 0;
> if(dlen) {
> ftp->prevpath = malloc(dlen + 1);
> if(!ftp->prevpath)
> return CURLE_OUT_OF_MEMORY;
> - memcpy(ftp->prevpath, conn->path, dlen);
> + memcpy(ftp->prevpath, path, dlen);
> ftp->prevpath[dlen]=0; /* terminate */
> infof(data, "Remembering we are in dir %s\n", ftp->prevpath);
> }
> else
> ftp->prevpath = NULL; /* no path */
>
> + if (path)
> + free(path);
> +
> /* free the dir tree and file parts */
> freedirs(ftp);

This will leak memory if curl_unescape() is called and then the
prevpath=malloc() fails. There needs to be another free(path) before the
second return CURLE_OUT_OF_MEMORY;

>>> Dan

-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved

Received on 2004-12-17

This message: [ Message body ]
Next message: Gisle Vanem: "Re: ftp->prevpath bug?"
Previous message: Daniel Stenberg: "Re: ftp->prevpath bug?"
In reply to: Gisle Vanem: "Re: ftp->prevpath bug?"
Next in thread: Gisle Vanem: "Re: ftp->prevpath bug?"
Reply: Gisle Vanem: "Re: ftp->prevpath bug?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]