The-Homebrew-Cloud/ftpiiu_plugin
2
0
Fork 0
mirror of https://github.com/wiiu-env/ftpiiu_plugin.git synced 2024-06-28 23:26:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Try to avoid use after free

Browse Source
This commit is contained in:
Maschell 2022-02-07 18:47:44 +01:00
parent 6b1ad4b64a
commit c0f4ed1863
4 changed files with 44 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/ftp.c
View File

@ -85,8 +85,10 @@ typedef struct client_struct client_t;
static client_t *clients[MAX_CLIENTS] = {NULL};
void set_ftp_password(char *new_password) {
if (password)
if (password) {
free(password);
password = NULL;
}
if (new_password) {
password = malloc(strlen(new_password) + 1);
if (!password)
@ -114,6 +116,7 @@ static int32_t write_reply(client_t *client, uint16_t code, char *msg) {
console_printf("Wrote reply: %s", msgbuf);
int32_t ret = send_exact(client->socket, msgbuf, msglen);
free(msgbuf);
msgbuf = NULL;
return ret;
}
@ -532,8 +535,9 @@ static int32_t stor_or_append(client_t *client, FILE *f) {
static int32_t ftp_STOR(client_t *client, char *path) {
FILE *f = vrt_fopen(client->cwd, path, "wb");
int fd;
if (f)
if (f) {
fd = fileno(f);
}
if (f && client->restart_marker && lseek(fd, client->restart_marker, SEEK_SET) != client->restart_marker) {
int32_t lseek_error = errno;
fclose(f);
@ -726,6 +730,7 @@ static void cleanup_client(client_t *client) {
}
}
free(client);
client = NULL;
num_clients--;
console_printf("Client disconnected.\n");
}
@ -785,6 +790,7 @@ static bool process_accept_events(int32_t server) {
console_printf("Error writing greeting.\n");
network_close_blocking(peer);
free(client);
client = NULL;
} else {
for (client_index = 0; client_index < MAX_CLIENTS; client_index++) {
if (!clients[client_index]) {

5
src/net.c
View File

@ -252,9 +252,11 @@ int32_t send_from_file(int32_t s, FILE *f) {
goto end;
}
free(buf);
buf = NULL;
return -EAGAIN;
end:
free(buf);
buf = NULL;
return result;
}
@ -274,15 +276,18 @@ int32_t recv_to_file(int32_t s, FILE *f) {
goto try_again_with_smaller_buffer;
}
free(buf);
buf = NULL;
return bytes_read;
} else if (bytes_read == 0) {
free(buf);
buf = NULL;
return 0;
}
int32_t bytes_written = fwrite(buf, 1, bytes_read, f);
if (bytes_written < bytes_read) {
free(buf);
buf = NULL;
return -1;
}
}

9
src/virtualpath.c
View File

@ -124,6 +124,7 @@ void AddVirtualFSVOLPath(const char *name, const char *alias, const char *prefix
VIRTUAL_PARTITION *tmp = realloc(VIRTUAL_FS_VOL, sizeof(VIRTUAL_PARTITION) * (MAX_VIRTUAL_FS_VOL + 1));
if (!tmp) {
free(VIRTUAL_FS_VOL);
VIRTUAL_FS_VOL = NULL;
MAX_VIRTUAL_FS_VOL = 0;
return;
}
@ -157,35 +158,43 @@ void UnmountVirtualPaths() {
for (i = 0; i < MAX_VIRTUAL_PARTITIONS; i++) {
if (VIRTUAL_PARTITIONS[i].name) {
free(VIRTUAL_PARTITIONS[i].name);
VIRTUAL_PARTITIONS[i].name = NULL;
}
if (VIRTUAL_PARTITIONS[i].alias) {
free(VIRTUAL_PARTITIONS[i].alias);
VIRTUAL_PARTITIONS[i].name = NULL;
}
if (VIRTUAL_PARTITIONS[i].prefix) {
free(VIRTUAL_PARTITIONS[i].prefix);
VIRTUAL_PARTITIONS[i].prefix = NULL;
}
}
for (i = 0; i < MAX_VIRTUAL_FS_VOL; i++) {
if (VIRTUAL_FS_VOL[i].name) {
free(VIRTUAL_FS_VOL[i].name);
VIRTUAL_FS_VOL[i].name = NULL;
}
}
for (i = 0; i < MAX_VIRTUAL_FS; i++) {
if (VIRTUAL_FS[i].name) {
free(VIRTUAL_FS[i].name);
VIRTUAL_FS[i].name = NULL;
}
}
if (VIRTUAL_PARTITIONS) {
free(VIRTUAL_PARTITIONS);
VIRTUAL_PARTITIONS = NULL;
}
if (VIRTUAL_FS_VOL) {
free(VIRTUAL_FS_VOL);
VIRTUAL_FS_VOL = NULL;
}
if (VIRTUAL_FS) {
free(VIRTUAL_FS);
VIRTUAL_FS = NULL;
}
VIRTUAL_PARTITIONS = NULL;
VIRTUAL_FS_VOL = NULL;

26
src/vrt.c
View File

@ -98,7 +98,10 @@ static char *virtual_abspath(char *virtual_cwd, char *virtual_path) {
}
end:
if (path != virtual_path) free(path);
if (path != virtual_path) {
free(path);
path = NULL;
}
return normalised_path;
}
@ -156,6 +159,7 @@ char *to_real_path(char *virtual_cwd, char *virtual_path) {
end:
free(virtual_path);
virtual_path = NULL;
return path;
}
@ -219,6 +223,7 @@ static void *with_virtual_path(void *virtual_cwd, void *void_f, char *virtual_pa
}
free(path);
path = NULL;
return result;
}
@ -236,6 +241,7 @@ int vrt_stat(char *cwd, char *path, struct stat *st) {
return 0;
}
free(real_path);
real_path = NULL;
return (int) with_virtual_path(cwd, stat, path, -1, st, NULL);
}
@ -251,6 +257,7 @@ static int vrt_checkdir(char *cwd, char *path) {
return 0;
}
free(real_path);
real_path = NULL;
return (int) with_virtual_path(cwd, checkdir, path, -1, NULL);
}
@ -267,6 +274,7 @@ int vrt_chdir(char *cwd, char *path) {
strcpy(cwd, abspath);
if (cwd[1]) strcat(cwd, "/");
free(abspath);
abspath = NULL;
return 0;
}
@ -283,6 +291,7 @@ int vrt_rename(char *cwd, char *from_path, char *to_path) {
if (!real_to_path || !*real_to_path) return -1;
int result = (int) with_virtual_path(cwd, rename, from_path, -1, real_to_path, NULL);
free(real_to_path);
real_to_path = NULL;
return result;
}
@ -297,6 +306,7 @@ DIR_P *vrt_opendir(char *cwd, char *path) {
if (!iter) {
if (*real_path != 0) {
free(real_path);
real_path = NULL;
}
return NULL;
}
@ -311,6 +321,7 @@ DIR_P *vrt_opendir(char *cwd, char *path) {
if (!iter->dir) {
// root path is not allocated
free(iter);
iter = NULL;
return NULL;
}
memset(iter->dir, 0, sizeof(DIR));
@ -330,7 +341,9 @@ DIR_P *vrt_opendir(char *cwd, char *path) {
iter->dir = with_virtual_path(cwd, opendir, path, 0, NULL);
if (!iter->dir) {
free(iter->path);
iter->path = NULL;
free(iter);
iter = NULL;
return NULL;
}
@ -378,17 +391,22 @@ int vrt_closedir(DIR_P *iter) {
if (!iter) return -1;
if (iter->dir) {
if (iter->virt_root)
if (iter->virt_root) {
free(iter->dir);
else
iter->dir = NULL;
} else {
closedir(iter->dir);
}
}
// root path is not allocated
if (iter->path && *iter->path != 0)
if (iter->path && *iter->path != 0) {
free(iter->path);
iter->path = NULL;
}
free(iter);
iter = NULL;
return 0;
}