[patch] ftpd: close dirp


[patch] ftpd: close dirp

Fritjof Bornebusch
The "dirp" pointer is not closed if goto inside the while loop is called.

This diff:
- closes the dirp object
- moves the jump label "out" a bit higher so that the file pointer and the
  descriptor are also cleaned up, and the global variables reset, when the goto
  is taken

The "send_file_list" function is only called on NLST.

--F.

Index: ftpd.c
===================================================================
RCS file: /cvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.213
diff -u -r1.213 ftpd.c
--- ftpd.c 16 Mar 2016 15:41:10 -0000 1.213
+++ ftpd.c 29 Mar 2016 19:44:21 -0000
@@ -2704,6 +2704,7 @@
  myoob();
  recvurg = 0;
  transflag = 0;
+ (void)closedir(dirp);
  goto out;
  }
 
@@ -2725,8 +2726,10 @@
  if (dout == NULL) {
  dout = dataconn("file list", (off_t)-1,
  "w");
- if (dout == NULL)
+ if (dout == NULL) {
+ (void)closedir(dirp);
  goto out;
+ }
  transflag++;
  }
  if (nbuf[0] == '.' && nbuf[1] == '/')
@@ -2738,7 +2741,7 @@
  byte_count += strlen(nbuf) + 1;
  }
  }
- (void) closedir(dirp);
+ (void)closedir(dirp);
  }
 
  if (dout == NULL)
@@ -2748,16 +2751,17 @@
  else
  reply(226, "Transfer complete.");
 
+out:
  transflag = 0;
  if (dout != NULL)
- (void) fclose(dout);
+ (void)fclose(dout);
  else {
  if (pdata >= 0)
  close(pdata);
  }
  data = -1;
  pdata = -1;
-out:
+
  if (freeglob) {
  freeglob = 0;
  globfree(&gl);
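Review bot: Moving `out:` above `transflag = 0;` makes every `goto out` in send_file_list run `fclose(dout)`/`close(pdata)` and reset `data`/`pdata`, but `dirp` is still closed by hand at each jump site (the first two hunks), and nothing at the label records that split. A comment above the label such as `/* dirp is closed at the goto site, not here */` would keep a later `goto out` inside the readdir loop from leaking the directory stream and its descriptor again. The function begins and ends outside the hunk, so any other `goto out` not shown here now also reaches this teardown and should be checked for a `dout`/`pdata` state it can handle. The `(void) fclose` to `(void)fclose` respacing here, and the same respacing of `closedir` in the previous hunk, is whitespace only and is better kept out of a leak fix.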


Re: [patch] ftpd: close dirp

Todd C. Miller
On Tue, 29 Mar 2016 21:50:23 +0200, [hidden email] wrote:

> The "dirp" pointer is not closed if goto inside the while loop is called.
>
> This diff:
> - closes the dirp object
> - moves the jump mark "out" a bit higher to clean the file pointer as well as
>  the
>   descriptor if the goto statement is called, and reset global variables
>
> The "send_file_list" function is only called on NLST.

I think it is safer to just move the closedir(dirp) to be after the
"out" label.

 - todd

Index: ftpd.c
===================================================================
RCS file: /cvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.213
diff -u -p -u -r1.213 ftpd.c
--- ftpd.c 16 Mar 2016 15:41:10 -0000 1.213
+++ ftpd.c 29 Mar 2016 20:30:39 -0000
@@ -2694,6 +2694,8 @@ send_file_list(char *whichf)
  } else if (!S_ISDIR(st.st_mode))
  continue;
 
+ if (dirp != NULL)
+ (void) closedir(dirp);
  if ((dirp = opendir(dirname)) == NULL)
  continue;
 
@@ -2738,7 +2740,6 @@ send_file_list(char *whichf)
  byte_count += strlen(nbuf) + 1;
  }
  }
- (void) closedir(dirp);
  }
 
  if (dout == NULL)
@@ -2748,7 +2749,10 @@ send_file_list(char *whichf)
  else
  reply(226, "Transfer complete.");
 
+out:
  transflag = 0;
+ if (dirp != NULL)
+ (void) closedir(dirp);
  if (dout != NULL)
  (void) fclose(dout);
  else {
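Review bot: The `if (dirp != NULL)` test placed after `out:` runs for every `goto out`, including any taken before the first `opendir()`, so it is only safe if `dirp` starts out as NULL; the declaration is outside these hunks and should read `DIR *dirp = NULL;` if it does not already. The same assumption holds for the check added before `opendir()` in the first hunk, which is evaluated on the first loop iteration. Writing `dirp = NULL;` after the `closedir(dirp)` at the label would also keep the pointer from dangling if code is later added below it. send_file_list continues past the end of this hunk.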
@@ -2757,7 +2761,7 @@ send_file_list(char *whichf)
  }
  data = -1;
  pdata = -1;
-out:
+
  if (freeglob) {
  freeglob = 0;
  globfree(&gl);