diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2013-12-05 22:59:46 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2013-12-05 22:59:46 +0000 |
| commit | 29490d5912705c28cf3c276b06813f5e71450729 (patch) | |
| tree | 61bd868b10684589240d27ad82e5e8f5056782d4 /usr.bin/ssh | |
| parent | 94863acab98b3fa6db4fba64aaa490bbac8cdffb (diff) | |
fix memory leak in error path in do_readdir(); pointed out by
Loganaden Velvindron @ AfriNIC in bz#2163
Diffstat (limited to 'usr.bin/ssh')
| -rw-r--r-- | usr.bin/ssh/sftp-client.c | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/usr.bin/ssh/sftp-client.c b/usr.bin/ssh/sftp-client.c index 59d9d4b26ce..9ef05cb9600 100644 --- a/usr.bin/ssh/sftp-client.c +++ b/usr.bin/ssh/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.110 2013/12/04 04:20:01 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.111 2013/12/05 22:59:45 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -453,6 +453,10 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int print_flag, Buffer msg; u_int count, type, id, handle_len, i, expected_id, ents = 0; char *handle; + int status = SSH2_FX_FAILURE; + + if (dir) + *dir = NULL; id = conn->msg_id++; @@ -499,20 +503,12 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int print_flag, fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { - int status = buffer_get_int(&msg); - + status = buffer_get_int(&msg); debug3("Received SSH2_FXP_STATUS %d", status); - - if (status == SSH2_FX_EOF) { + if (status == SSH2_FX_EOF) break; - } else { - error("Couldn't read directory: %s", - fx2txt(status)); - do_close(conn, handle, handle_len); - free(handle); - buffer_free(&msg); - return(status); - } + error("Couldn't read directory: %s", fx2txt(status)); + goto out; } else if (type != SSH2_FXP_NAME) fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", SSH2_FXP_NAME, type); @@ -540,10 +536,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int print_flag, if (strchr(filename, '/') != NULL) { error("Server sent suspect path \"%s\" " "during readdir of \"%s\"", filename, path); - goto next; - } - - if (dir) { + } else if (dir) { *dir = xrealloc(*dir, ents + 2, sizeof(**dir)); (*dir)[ents] = xcalloc(1, sizeof(***dir)); (*dir)[ents]->filename = xstrdup(filename); @@ -551,24 +544,29 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int print_flag, memcpy(&(*dir)[ents]->a, a, sizeof(*a)); (*dir)[++ents] = NULL; } - next: free(filename); free(longname); } } + status = 0; + out: buffer_free(&msg); do_close(conn, handle, handle_len); free(handle); - /* Don't return partial matches on interrupt */ - if (interrupted && dir != NULL && *dir != NULL) { + if (status != 0 && dir != NULL) { + /* Don't return results on error */ + free_sftp_dirents(*dir); + *dir = NULL; + } else if (interrupted && dir != NULL && *dir != NULL) { + /* Don't return partial matches on interrupt */ free_sftp_dirents(*dir); *dir = xcalloc(1, sizeof(**dir)); **dir = NULL; } - return 0; + return status; } int @@ -581,6 +579,8 @@ void free_sftp_dirents(SFTP_DIRENT **s) { int i; + if (s == NULL) + return; for (i = 0; s[i]; i++) { free(s[i]->filename); free(s[i]->longname); |