Hi Ivan,

The problem was reproducible.

Here is a patch to fix the issue.

Regards, Tim
From b0c916a6f4eb59d6108f0d5c9e4b516758a8def0 Mon Sep 17 00:00:00 2001
From: Tim Ruehsen <[email protected]>
Date: Wed, 19 Jun 2013 10:02:20 +0200
Subject: [PATCH] fix segfault in ftp.c (ftp_loop_internal)

---
 src/ChangeLog |  6 ++++++
 src/connect.c |  1 +
 src/ftp.c     | 30 +++++++++++++++---------------
 3 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 4021d9c..4299ac5 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2013-06-19  Tim Ruehsen  <[email protected]>
+
+	* connect.c (socket_ip_address): zero out ip address structure to
+	avoid access to uninitialized values by inet_ntop().
+	* ftp.c (ftp_loop_internal): fix segfault caused by warc_tmp NULL pointer.
+
 2013-05-21  Ray Satiro  <[email protected]>
 
 	* url.c (url_file_name): Use MAX_PATH in Windows.
diff --git a/src/connect.c b/src/connect.c
index 6d7cc97..bfb079b 100644
--- a/src/connect.c
+++ b/src/connect.c
@@ -559,6 +559,7 @@ socket_ip_address (int sock, ip_address *ip, int endpoint)
   if (ret < 0)
     return false;
 
+  memset(ip, 0, sizeof(ip_address));
   ip->family = sockaddr->sa_family;
   switch (sockaddr->sa_family)
     {
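Review bot: The new `memset` only runs after the `if (ret < 0) return false;` guard, so when the underlying address lookup fails the caller's `ip` is left exactly as uninitialized as before, and any caller that ignores the `false` return still hands garbage to `inet_ntop()`. Zeroing the structure before the lookup (at the top of socket_ip_address, outside this hunk) would make the fix unconditional; alternatively, document at the prototype that `*ip` is indeterminate unless the function returns true. As a style point, `memset (ip, 0, sizeof *ip);` ties the size to the parameter's type rather than repeating `ip_address`, and matches the file's `func (args)` spacing. socket_ip_address begins outside the hunk, so the lookup call that sets `ret` is not visible here.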
diff --git a/src/ftp.c b/src/ftp.c
index 0ad4b32..3bf9226 100644
--- a/src/ftp.c
+++ b/src/ftp.c
@@ -1449,21 +1449,6 @@ ftp_loop_internal (struct url *u, struct fileinfo *f, ccon *con, char **local_fi
 
   orig_lp = con->cmd & LEAVE_PENDING ? 1 : 0;
 
-  /* For file RETR requests, we can write a WARC record.
-     We record the file contents to a temporary file. */
-  if (warc_enabled && (con->cmd & DO_RETR))
-    {
-      warc_tmp = warc_tempfile ();
-      if (warc_tmp == NULL)
-        return WARC_TMP_FOPENERR;
-
-      if (!con->proxy && con->csock != -1)
-        {
-          warc_ip = (ip_address *) alloca (sizeof (ip_address));
-          socket_ip_address (con->csock, warc_ip, ENDPOINT_PEER);
-        }
-    }
-
   /* THE loop.  */
   do
     {
@@ -1491,6 +1476,21 @@ ftp_loop_internal (struct url *u, struct fileinfo *f, ccon *con, char **local_fi
             con->cmd |= DO_CWD;
         }
 
+      /* For file RETR requests, we can write a WARC record.
+     We record the file contents to a temporary file. */
+      if (warc_enabled && (con->cmd & DO_RETR) && warc_tmp == NULL)
+        {
+          warc_tmp = warc_tempfile ();
+          if (warc_tmp == NULL)
+            return WARC_TMP_FOPENERR;
+
+          if (!con->proxy && con->csock != -1)
+            {
+              warc_ip = (ip_address *) alloca (sizeof (ip_address));
+              socket_ip_address (con->csock, warc_ip, ENDPOINT_PEER);
+            }
+        }
+
       /* Decide whether or not to restart.  */
       if (con->cmd & DO_LIST)
         restval = 0;
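Review bot: The return value of `socket_ip_address (con->csock, warc_ip, ENDPOINT_PEER);` is still discarded, so if the peer lookup fails the `alloca`'d `warc_ip` holds uninitialized stack bytes — the companion `memset` added in connect.c only executes on the success path, so it does not cover this case. If `warc_ip` starts out NULL earlier in ftp_loop_internal (not visible in this hunk), `if (!socket_ip_address (con->csock, warc_ip, ENDPOINT_PEER)) warc_ip = NULL;` would keep the later WARC code on the same "no address known" path it presumably already takes when the block is skipped. Also, the `return WARC_TMP_FOPENERR;` now sits inside the `do` loop, so any state set up by earlier iterations or by the code between the loop head and this point is abandoned on that path; worth confirming nothing there needs releasing. Minor: the second line of the moved comment (`We record the file contents ...`) kept its old five-space indent while the `/*` moved to six spaces. ftp_loop_internal begins and ends outside this hunk.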
-- 
1.8.3.1
