[GNUnet-SVN] [gnurl] 40/256: tftp: fix memory leak on too long filename

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 40/256: tftp: fix memory leak on too long filename

From:	gnunet
Subject:	[GNUnet-SVN] [gnurl] 40/256: tftp: fix memory leak on too long filename
Date:	Fri, 06 Oct 2017 19:42:11 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit 16c71fafb922177f586af791e1752a1bc4d9eae2
Author: Even Rouault <address@hidden>
AuthorDate: Sat Aug 19 16:33:32 2017 +0200

    tftp: fix memory leak on too long filename
    
    Fixes
    
    $ valgrind --leak-check=full ~/install-curl-git/bin/curl 
tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 [...]
    
    ==9752== Memcheck, a memory error detector
    ==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
    ==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
    ==9752== Command: /home/even/install-curl-git/bin/curl 
tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 [...]
    ==9752==
    curl: (71) TFTP file name too long
    
    ==9752==
    ==9752== HEAP SUMMARY:
    ==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11
    ==9752==    at 0x4C2DB8F: malloc (in 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==9752==    by 0x4E61CED: Curl_urldecode (in 
/home/even/install-curl-git/lib/libcurl.so.4.4.0)
    ==9752==    by 0x4E75868: tftp_state_machine (in 
/home/even/install-curl-git/lib/libcurl.so.4.4.0)
    ==9752==    by 0x4E761B6: tftp_do (in 
/home/even/install-curl-git/lib/libcurl.so.4.4.0)
    ==9752==    by 0x4E711B6: multi_runsingle (in 
/home/even/install-curl-git/lib/libcurl.so.4.4.0)
    ==9752==    by 0x4E71D00: curl_multi_perform (in 
/home/even/install-curl-git/lib/libcurl.so.4.4.0)
    ==9752==    by 0x4E6950D: curl_easy_perform (in 
/home/even/install-curl-git/lib/libcurl.so.4.4.0)
    ==9752==    by 0x40E0B7: operate_do (in 
/home/even/install-curl-git/bin/curl)
    ==9752==    by 0x40E849: operate (in /home/even/install-curl-git/bin/curl)
    ==9752==    by 0x402693: main (in /home/even/install-curl-git/bin/curl)
    
    Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568
    Credit to OSS Fuzz
    
    Closes #1808
---
 lib/tftp.c              |  1 +
 tests/data/Makefile.inc |  2 +-
 tests/data/test1453     | 38 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/lib/tftp.c b/lib/tftp.c
index f6f4bce5b..6477e64ed 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -493,6 +493,7 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, 
tftp_event_t event)
 
     if(strlen(filename) > (state->blksize - strlen(mode) - 4)) {
       failf(data, "TFTP file name too long\n");
+      free(filename);
       return CURLE_TFTP_ILLEGAL; /* too long file name field */
     }
 
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 575cf48cc..9da3e7e94 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -155,7 +155,7 @@ test1424 test1425 test1426 test1427 \
 test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
 test1436 test1437 test1438 test1439 test1440 test1441 test1442 test1443 \
 test1444 test1445 test1446 test1447 test1448 test1449 test1450 test1451 \
-test1452 \
+test1452 test1453 \
 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
 test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
 test1516 test1517 \
diff --git a/tests/data/test1453 b/tests/data/test1453
new file mode 100644
index 000000000..da0897184
--- /dev/null
+++ b/tests/data/test1453
@@ -0,0 +1,38 @@
+<testcase>
+<info>
+<keywords>
+Too long tftp filename
+FAILURE
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<features>
+http
+</features>
+ <name>
+Too long tftp filename
+ </name>
+ <command>
+tftp://%HOSTIP:%TFTPPORT/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 [...]
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# TFTP file name too long
+<errorcode>
+71
+</errorcode>
+</verify>
+</testcase>

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnurl] 08/256: zsh.pl: produce a working completion script again, (continued)
- [GNUnet-SVN] [gnurl] 08/256: zsh.pl: produce a working completion script again, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 07/256: curlver: toward 7.56.0?, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 17/256: configure: check for __builtin_available() availability (#1788), gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 18/256: http_proxy: fix build error for CURL_DOES_CONVERSIONS, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 11/256: curl-confopts.m4: fix --disable-threaded-resolver, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 14/256: darwinssi: fix error: variable length array used, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 21/256: curl/system.h: checksrc compliance, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 19/256: examples/ftpuploadresume: checksrc compliance, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 04/256: strtoofft: reduce integer overflow risks globally, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 47/256: curl: shorten and clean up CA cert verification error message, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 40/256: tftp: fix memory leak on too long filename, gnunet <=
- [GNUnet-SVN] [gnurl] 50/256: config-tpf: define SIZEOF_LONG, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 23/256: CURLOPT_SSH_COMPRESSION.3: enable with 1L, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 27/256: config-win32: define SIZEOF_CURL_OFF_T, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 16/256: travis: add metalink to some osx builds, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 10/256: progress: Track total times following redirects, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 22/256: compressed-ssh.d: "Added: 7.56.0", gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 52/256: CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 15/256: coverage: Use two coveralls commands to get lib/vtls results, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 31/256: http: Don't wait on CONNECT when there is no proxy, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 24/256: ftp: fix CWD when doing multicwd then nocwd on same connection, gnunet, 2017/10/06

Prev by Date: [GNUnet-SVN] [gnurl] 47/256: curl: shorten and clean up CA cert verification error message
Next by Date: [GNUnet-SVN] [gnurl] 50/256: config-tpf: define SIZEOF_LONG
Previous by thread: [GNUnet-SVN] [gnurl] 47/256: curl: shorten and clean up CA cert verification error message
Next by thread: [GNUnet-SVN] [gnurl] 50/256: config-tpf: define SIZEOF_LONG
Index(es):
- Date
- Thread