moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

ftplistparser: free off temporary memory always 

When using the FTP list parser, ensure that the memory that's
allocated is always freed.

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682
Closes #2013
This commit is contained in:
Max Dymond 2017-10-25 15:52:43 +01:00 committed by Daniel Stenberg
parent b9d25f9a6b
commit f786d1f143
1 changed files with 51 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
lib/ftplistparser.c
View File

@ -338,6 +338,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
struct curl_fileinfo *finfo; struct curl_fileinfo *finfo;
unsigned long i = 0; unsigned long i = 0;
CURLcode result; CURLcode result;
size_t retsize = bufflen;
if(parser->error) { /* error in previous call */ if(parser->error) { /* error in previous call */
/* scenario: /* scenario:
@ -346,7 +347,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
* 3. (last) call => is skipped RIGHT HERE and the error is hadled later * 3. (last) call => is skipped RIGHT HERE and the error is hadled later
* in wc_statemach() * in wc_statemach()
*/ */
return bufflen; goto EXIT_LABEL;
} }
if(parser->os_type == OS_TYPE_UNKNOWN && bufflen > 0) { if(parser->os_type == OS_TYPE_UNKNOWN && bufflen > 0) {
@ -362,12 +363,12 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->file_data = Curl_fileinfo_alloc(); parser->file_data = Curl_fileinfo_alloc();
if(!parser->file_data) { if(!parser->file_data) {
parser->error = CURLE_OUT_OF_MEMORY; parser->error = CURLE_OUT_OF_MEMORY;
return bufflen; goto EXIT_LABEL;
} }
parser->file_data->info.b_data = malloc(FTP_BUFFER_ALLOCSIZE); parser->file_data->info.b_data = malloc(FTP_BUFFER_ALLOCSIZE);
if(!parser->file_data->info.b_data) { if(!parser->file_data->info.b_data) {
PL_ERROR(conn, CURLE_OUT_OF_MEMORY); PL_ERROR(conn, CURLE_OUT_OF_MEMORY);
return bufflen; goto EXIT_LABEL;
} }
parser->file_data->info.b_size = FTP_BUFFER_ALLOCSIZE; parser->file_data->info.b_size = FTP_BUFFER_ALLOCSIZE;
parser->item_offset = 0; parser->item_offset = 0;
@ -391,7 +392,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->file_data = NULL; parser->file_data = NULL;
parser->error = CURLE_OUT_OF_MEMORY; parser->error = CURLE_OUT_OF_MEMORY;
PL_ERROR(conn, CURLE_OUT_OF_MEMORY); PL_ERROR(conn, CURLE_OUT_OF_MEMORY);
return bufflen; goto EXIT_LABEL;
} }
} }
@ -430,14 +431,14 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
endptr++; endptr++;
if(*endptr != 0) { if(*endptr != 0) {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
parser->state.UNIX.main = PL_UNIX_FILETYPE; parser->state.UNIX.main = PL_UNIX_FILETYPE;
finfo->b_used = 0; finfo->b_used = 0;
} }
else { else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
} }
break; break;
@ -471,7 +472,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
break; break;
default: default:
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
parser->state.UNIX.main = PL_UNIX_PERMISSION; parser->state.UNIX.main = PL_UNIX_PERMISSION;
parser->item_length = 0; parser->item_length = 0;
@ -482,20 +483,20 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
if(parser->item_length <= 9) { if(parser->item_length <= 9) {
if(!strchr("rwx-tTsS", c)) { if(!strchr("rwx-tTsS", c)) {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
} }
else if(parser->item_length == 10) { else if(parser->item_length == 10) {
unsigned int perm; unsigned int perm;
if(c != ' ') { if(c != ' ') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
finfo->b_data[10] = 0; /* terminate permissions */ finfo->b_data[10] = 0; /* terminate permissions */
perm = ftp_pl_get_permission(finfo->b_data + parser->item_offset); perm = ftp_pl_get_permission(finfo->b_data + parser->item_offset);
if(perm & FTP_LP_MALFORMATED_PERM) { if(perm & FTP_LP_MALFORMATED_PERM) {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
parser->file_data->info.flags |= CURLFINFOFLAG_KNOWN_PERM; parser->file_data->info.flags |= CURLFINFOFLAG_KNOWN_PERM;
parser->file_data->info.perm = perm; parser->file_data->info.perm = perm;
@ -517,7 +518,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else { else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
} }
break; break;
@ -539,7 +540,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else if(c < '0' || c > '9') { else if(c < '0' || c > '9') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
break; break;
} }
@ -599,7 +600,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else { else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
} }
break; break;
@ -624,7 +625,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else if(!ISDIGIT(c)) { else if(!ISDIGIT(c)) {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
break; break;
} }
@ -640,7 +641,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else { else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
} }
break; break;
@ -651,7 +652,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else if(!ISALNUM(c) && c != '.') { else if(!ISALNUM(c) && c != '.') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
break; break;
case PL_UNIX_TIME_PREPART2: case PL_UNIX_TIME_PREPART2:
@ -662,7 +663,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else { else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
} }
break; break;
@ -673,7 +674,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else if(!ISALNUM(c) && c != '.') { else if(!ISALNUM(c) && c != '.') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
break; break;
case PL_UNIX_TIME_PREPART3: case PL_UNIX_TIME_PREPART3:
@ -684,7 +685,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else { else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
} }
break; break;
@ -709,7 +710,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else if(!ISALNUM(c) && c != '.' && c != ':') { else if(!ISALNUM(c) && c != '.' && c != ':') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
break; break;
} }
@ -735,7 +736,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
result = ftp_pl_insert_finfo(conn, infop); result = ftp_pl_insert_finfo(conn, infop);
if(result) { if(result) {
PL_ERROR(conn, result); PL_ERROR(conn, result);
return bufflen; goto EXIT_LABEL;
} }
} }
break; break;
@ -747,12 +748,12 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
result = ftp_pl_insert_finfo(conn, infop); result = ftp_pl_insert_finfo(conn, infop);
if(result) { if(result) {
PL_ERROR(conn, result); PL_ERROR(conn, result);
return bufflen; goto EXIT_LABEL;
} }
} }
else { else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
break; break;
} }
@ -773,7 +774,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else if(c == '\r' || c == '\n') { else if(c == '\r' || c == '\n') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
break; break;
case PL_UNIX_SYMLINK_PRETARGET1: case PL_UNIX_SYMLINK_PRETARGET1:
@ -783,7 +784,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else if(c == '\r' || c == '\n') { else if(c == '\r' || c == '\n') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
else { else {
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME; parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
@ -796,7 +797,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else if(c == '\r' || c == '\n') { else if(c == '\r' || c == '\n') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
else { else {
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME; parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
@ -814,7 +815,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else if(c == '\r' || c == '\n') { else if(c == '\r' || c == '\n') {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
else { else {
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME; parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
@ -828,7 +829,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else { else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
break; break;
case PL_UNIX_SYMLINK_TARGET: case PL_UNIX_SYMLINK_TARGET:
@ -842,7 +843,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
result = ftp_pl_insert_finfo(conn, infop); result = ftp_pl_insert_finfo(conn, infop);
if(result) { if(result) {
PL_ERROR(conn, result); PL_ERROR(conn, result);
return bufflen; goto EXIT_LABEL;
} }
parser->state.UNIX.main = PL_UNIX_FILETYPE; parser->state.UNIX.main = PL_UNIX_FILETYPE;
} }
@ -854,13 +855,13 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
result = ftp_pl_insert_finfo(conn, infop); result = ftp_pl_insert_finfo(conn, infop);
if(result) { if(result) {
PL_ERROR(conn, result); PL_ERROR(conn, result);
return bufflen; goto EXIT_LABEL;
} }
parser->state.UNIX.main = PL_UNIX_FILETYPE; parser->state.UNIX.main = PL_UNIX_FILETYPE;
} }
else { else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
break; break;
} }
@ -874,7 +875,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
if(parser->item_length < 9) { if(parser->item_length < 9) {
if(!strchr("0123456789-", c)) { /* only simple control */ if(!strchr("0123456789-", c)) { /* only simple control */
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
} }
else if(parser->item_length == 9) { else if(parser->item_length == 9) {
@ -884,12 +885,12 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else { else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
} }
else { else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
break; break;
case PL_WINNT_TIME: case PL_WINNT_TIME:
@ -910,7 +911,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
else if(!strchr("APM0123456789:", c)) { else if(!strchr("APM0123456789:", c)) {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
break; break;
} }
@ -941,7 +942,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->item_offset, parser->item_offset,
&endptr, 10, &finfo->size)) { &endptr, 10, &finfo->size)) {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
/* correct file type */ /* correct file type */
parser->file_data->info.filetype = CURLFILETYPE_FILE; parser->file_data->info.filetype = CURLFILETYPE_FILE;
@ -977,7 +978,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
result = ftp_pl_insert_finfo(conn, infop); result = ftp_pl_insert_finfo(conn, infop);
if(result) { if(result) {
PL_ERROR(conn, result); PL_ERROR(conn, result);
return bufflen; goto EXIT_LABEL;
} }
parser->state.NT.main = PL_WINNT_DATE; parser->state.NT.main = PL_WINNT_DATE;
parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE; parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE;
@ -989,14 +990,14 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
result = ftp_pl_insert_finfo(conn, infop); result = ftp_pl_insert_finfo(conn, infop);
if(result) { if(result) {
PL_ERROR(conn, result); PL_ERROR(conn, result);
return bufflen; goto EXIT_LABEL;
} }
parser->state.NT.main = PL_WINNT_DATE; parser->state.NT.main = PL_WINNT_DATE;
parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE; parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE;
} }
else { else {
PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST); PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
return bufflen; goto EXIT_LABEL;
} }
break; break;
} }
@ -1004,13 +1005,22 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
} }
break; break;
default: default:
return bufflen + 1; retsize = bufflen + 1;
goto EXIT_LABEL;
} }
i++; i++;
} }
return bufflen; EXIT_LABEL:
/* Clean up any allocated memory. */
if(parser->file_data != NULL) {
Curl_fileinfo_dtor(NULL, parser->file_data);
parser->file_data = NULL;
}
return retsize;
} }
#endif /* CURL_DISABLE_FTP */ #endif /* CURL_DISABLE_FTP */