[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 40/256: tftp: fix memory leak on too long filename
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 40/256: tftp: fix memory leak on too long filename |
Date: |
Fri, 06 Oct 2017 19:42:11 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 16c71fafb922177f586af791e1752a1bc4d9eae2
Author: Even Rouault <address@hidden>
AuthorDate: Sat Aug 19 16:33:32 2017 +0200
tftp: fix memory leak on too long filename
Fixes
$ valgrind --leak-check=full ~/install-curl-git/bin/curl
tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[...]
==9752== Memcheck, a memory error detector
==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9752== Command: /home/even/install-curl-git/bin/curl
tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[...]
==9752==
curl: (71) TFTP file name too long
==9752==
==9752== HEAP SUMMARY:
==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11
==9752== at 0x4C2DB8F: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9752== by 0x4E61CED: Curl_urldecode (in
/home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752== by 0x4E75868: tftp_state_machine (in
/home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752== by 0x4E761B6: tftp_do (in
/home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752== by 0x4E711B6: multi_runsingle (in
/home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752== by 0x4E71D00: curl_multi_perform (in
/home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752== by 0x4E6950D: curl_easy_perform (in
/home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752== by 0x40E0B7: operate_do (in
/home/even/install-curl-git/bin/curl)
==9752== by 0x40E849: operate (in /home/even/install-curl-git/bin/curl)
==9752== by 0x402693: main (in /home/even/install-curl-git/bin/curl)
Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568
Credit to OSS Fuzz
Closes #1808
---
lib/tftp.c | 1 +
tests/data/Makefile.inc | 2 +-
tests/data/test1453 | 38 ++++++++++++++++++++++++++++++++++++++
3 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/lib/tftp.c b/lib/tftp.c
index f6f4bce5b..6477e64ed 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -493,6 +493,7 @@ static CURLcode tftp_send_first(tftp_state_data_t *state,
tftp_event_t event)
if(strlen(filename) > (state->blksize - strlen(mode) - 4)) {
failf(data, "TFTP file name too long\n");
+ free(filename);
return CURLE_TFTP_ILLEGAL; /* too long file name field */
}
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 575cf48cc..9da3e7e94 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -155,7 +155,7 @@ test1424 test1425 test1426 test1427 \
test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
test1436 test1437 test1438 test1439 test1440 test1441 test1442 test1443 \
test1444 test1445 test1446 test1447 test1448 test1449 test1450 test1451 \
-test1452 \
+test1452 test1453 \
test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
test1516 test1517 \
diff --git a/tests/data/test1453 b/tests/data/test1453
new file mode 100644
index 000000000..da0897184
--- /dev/null
+++ b/tests/data/test1453
@@ -0,0 +1,38 @@
+<testcase>
+<info>
+<keywords>
+Too long tftp filename
+FAILURE
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<features>
+http
+</features>
+ <name>
+Too long tftp filename
+ </name>
+ <command>
+tftp://%HOSTIP:%TFTPPORT/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[...]
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# TFTP file name too long
+<errorcode>
+71
+</errorcode>
+</verify>
+</testcase>
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 08/256: zsh.pl: produce a working completion script again, (continued)
- [GNUnet-SVN] [gnurl] 08/256: zsh.pl: produce a working completion script again, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 07/256: curlver: toward 7.56.0?, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 17/256: configure: check for __builtin_available() availability (#1788), gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 18/256: http_proxy: fix build error for CURL_DOES_CONVERSIONS, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 11/256: curl-confopts.m4: fix --disable-threaded-resolver, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 14/256: darwinssi: fix error: variable length array used, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 21/256: curl/system.h: checksrc compliance, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 19/256: examples/ftpuploadresume: checksrc compliance, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 04/256: strtoofft: reduce integer overflow risks globally, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 47/256: curl: shorten and clean up CA cert verification error message, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 40/256: tftp: fix memory leak on too long filename,
gnunet <=
- [GNUnet-SVN] [gnurl] 50/256: config-tpf: define SIZEOF_LONG, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 23/256: CURLOPT_SSH_COMPRESSION.3: enable with 1L, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 27/256: config-win32: define SIZEOF_CURL_OFF_T, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 16/256: travis: add metalink to some osx builds, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 10/256: progress: Track total times following redirects, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 22/256: compressed-ssh.d: "Added: 7.56.0", gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 52/256: CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 15/256: coverage: Use two coveralls commands to get lib/vtls results, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 31/256: http: Don't wait on CONNECT when there is no proxy, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 24/256: ftp: fix CWD when doing multicwd then nocwd on same connection, gnunet, 2017/10/06