Fix FTP response parsing and error handling memory leaks (#2133)

FTP EPLF parsing leaks in ftpListParseParts() were detected by Coverity.
CID 1660782 and CID 1660785: Resource leaks (RESOURCE_LEAK).

Three other FTP client-related leaks were detected by Valgrind:

* Ftp::CtrlChannel::last_reply
* ErrorPage::ftp::cwd_msg
* Ftp::DataChannel::host

diff --git a/src/clients/FtpClient.cc b/src/clients/FtpClient.cc
index 3cd38db070df1e433a761e949388a9f2a9f3ba59..0446bef1b85cdd17e793eb642026cf322f0b51a1 100644 (file)
--- a/src/clients/FtpClient.cc
+++ b/src/clients/FtpClient.cc
@@ -166,6 +166,7 @@ Ftp::DataChannel::DataChannel():
 
 Ftp::DataChannel::~DataChannel()
 {
+    xfree(host);
     delete readBuf;
 }
 
@@ -1163,6 +1164,7 @@ Ftp::Client::parseControlReply(size_t &bytesUsed)
 
         if (complete) {
             // use list->key for last_reply because s contains the new line
+            safe_free(ctrl.last_reply);
             ctrl.last_reply = xstrdup(list->key + 4);
             ctrl.replycode = atoi(list->key);
         }

diff --git a/src/clients/FtpGateway.cc b/src/clients/FtpGateway.cc
index fc0f3a2e94d6824f206d65e9ff8dfe08551a9a62..6a8ebda6ad60ee7c54e9924f892edba60ce3cf08 100644 (file)
--- a/src/clients/FtpGateway.cc
+++ b/src/clients/FtpGateway.cc
@@ -695,6 +695,7 @@ ftpListParseParts(const char *buf, struct Ftp::GatewayFlags flags)
             switch (*ct) {
 
             case '\t':
+                safe_free(p->name); // TODO: properly handle multiple p->name occurrences
                 p->name = xstrndup(ct + 1, l + 1);
                 break;
 
@@ -708,6 +709,7 @@ ftpListParseParts(const char *buf, struct Ftp::GatewayFlags flags)
                 if (tmp != ct + 1)
                     break;  /* not a valid integer */
 
+                safe_free(p->date); // TODO: properly handle multiple p->name occurrences
                 p->date = xstrdup(ctime(&tm));
 
                 *(strstr(p->date, "\n")) = '\0';
@@ -2220,6 +2222,7 @@ Ftp::Gateway::completedListing()
     entry->lock("Ftp::Gateway");
     ErrorState ferr(ERR_DIR_LISTING, Http::scOkay, request.getRaw(), fwd->al);
     ferr.ftp.listing = &listing;
+    safe_free(ferr.ftp.cwd_msg);
     ferr.ftp.cwd_msg = xstrdup(cwd_message.size()? cwd_message.termedBuf() : "");
     ferr.ftp.server_msg = ctrl.message;
     ctrl.message = nullptr;

diff --git a/src/errorpage.cc b/src/errorpage.cc
index a263567f7766787962b6ea7b50e5ca766e051070..d7a588d099f95811f438fb74551a4aaa52d45275 100644 (file)
--- a/src/errorpage.cc
+++ b/src/errorpage.cc
@@ -841,6 +841,7 @@ ErrorState::~ErrorState()
     wordlistDestroy(&ftp.server_msg);
     safe_free(ftp.request);
     safe_free(ftp.reply);
+    safe_free(ftp.cwd_msg);
     safe_free(err_msg);
 #if USE_ERR_LOCALES
     if (err_language != Config.errorDefaultLanguage)