From 4df7703d62dd989aab61e089dfeb999ded956468 Mon Sep 17 00:00:00 2001
From: Tim Ruehsen
Date: Wed, 19 Jun 2013 10:02:20 +0200
Subject: [PATCH] fix segfault in ftp.c (ftp_loop_internal)
---
 src/ChangeLog | 6 ++++++
 src/connect.c | 1 +
 src/ftp.c | 30 +++++++++++++++---------------
 3 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index 4021d9cc..4299ac5c 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2013-06-19 Tim Ruehsen
+
+ * connect.c (socket_ip_address): zero out ip address structure to
+ avoid access to uninitialized values by inet_ntop().
+ * ftp.c (ftp_loop_internal): fix segfault caused by warc_tmp NULL pointer.
+
 2013-05-21 Ray Satiro * url.c (url_file_name): Use MAX_PATH in Windows.
diff --git a/src/connect.c b/src/connect.c
index 6d7cc975..bfb079b7 100644
--- a/src/connect.c
+++ b/src/connect.c
@@ -559,6 +559,7 @@ socket_ip_address (int sock, ip_address *ip, int endpoint)
 if (ret < 0) return false;
+ memset(ip, 0, sizeof(ip_address));
 ip->family = sockaddr->sa_family;
 switch (sockaddr->sa_family) {
diff --git a/src/ftp.c b/src/ftp.c
index 0ad4b326..9b3d81c8 100644
--- a/src/ftp.c
+++ b/src/ftp.c
@@ -1449,21 +1449,6 @@ ftp_loop_internal (struct url *u, struct fileinfo *f, ccon *con, char **local_fi
 orig_lp = con->cmd & LEAVE_PENDING ? 1 : 0;
- /* For file RETR requests, we can write a WARC record.
- We record the file contents to a temporary file. */
- if (warc_enabled && (con->cmd & DO_RETR))
- {
- warc_tmp = warc_tempfile ();
- if (warc_tmp == NULL)
- return WARC_TMP_FOPENERR;
-
- if (!con->proxy && con->csock != -1)
- {
- warc_ip = (ip_address *) alloca (sizeof (ip_address));
- socket_ip_address (con->csock, warc_ip, ENDPOINT_PEER);
- }
- }
-
 /* THE loop. */
 do {
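Review bot: In the src/connect.c hunk the added `memset(ip, 0, sizeof(ip_address));` sits after the `if (ret < 0) return false;` early return, so on the failure path the caller's `ip_address` is still left untouched. The ftp.c call site shown in this same patch passes `alloca` storage and does not check the return value, so a failed lookup would still leave uninitialized stack bytes behind `warc_ip` for whatever reads it later (presumably the WARC writer). Clearing before the early return, e.g. `memset (ip, 0, sizeof *ip);` as the first statement of `socket_ip_address`, would cover both paths. The function body starts and ends outside the hunk, so other early exits (such as an unknown address family) cannot be checked from here.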
@@ -1491,6 +1476,21 @@ ftp_loop_internal (struct url *u, struct fileinfo *f, ccon *con, char **local_fi
 con->cmd |= DO_CWD;
 }
+ /* For file RETR requests, we can write a WARC record.
+ We record the file contents to a temporary file. */
+ if (warc_enabled && (con->cmd & DO_RETR) && warc_tmp == NULL)
+ {
+ warc_tmp = warc_tempfile ();
+ if (warc_tmp == NULL)
+ return WARC_TMP_FOPENERR;
+
+ if (!con->proxy && con->csock != -1)
+ {
+ warc_ip = (ip_address *) alloca (sizeof (ip_address));
+ socket_ip_address (con->csock, warc_ip, ENDPOINT_PEER);
+ }
+ }
+
 /* Decide whether or not to restart. */
 if (con->cmd & DO_LIST) restval = 0;
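Review bot: Now that this block lives inside the retry loop, `warc_ip = (ip_address *) alloca (sizeof (ip_address));` can run again on every pass where `warc_tmp` is NULL (presumably after it is closed later in the loop body). Storage from alloca is only released when `ftp_loop_internal` returns, so each such retry consumes more stack. The result of `socket_ip_address` is also discarded, so on failure `warc_ip` stays non-NULL while pointing at memory the callee may not have filled in. A function-scope `ip_address warc_ip_buf;` together with `warc_ip = socket_ip_address (con->csock, &warc_ip_buf, ENDPOINT_PEER) ? &warc_ip_buf : NULL;` would address both points. The declarations and the rest of the loop are outside the hunk, so where `warc_tmp` is reset, and whether `return WARC_TMP_FOPENERR;` from inside the loop skips any cleanup, should be confirmed against the full function.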