On Tue, 29 Mar 2016 21:50:23 +0200, [email protected] wrote:
> The "dirp" pointer is not closed if goto inside the while loop is called.
>
> This diff:
> - closes the dirp object
> - moves the jump label "out" a bit higher so that the file pointer and the
> descriptor are also cleaned up when the goto is taken, and the global
> variables are reset
>
> The "send_file_list" function is only called on NLST.
I think it is safer to just move the closedir(dirp) to be after the
"out" label.
- todd
Index: ftpd.c
===================================================================
RCS file: /cvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.213
diff -u -p -u -r1.213 ftpd.c
--- ftpd.c 16 Mar 2016 15:41:10 -0000 1.213
+++ ftpd.c 29 Mar 2016 20:30:39 -0000
@@ -2694,6 +2694,8 @@ send_file_list(char *whichf)
} else if (!S_ISDIR(st.st_mode))
continue;
+ if (dirp != NULL)
+ (void) closedir(dirp);
if ((dirp = opendir(dirname)) == NULL)
continue;
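Review bot: Closing the previous stream at the top of the next iteration, as the added `if (dirp != NULL)` lines do, keeps `dirp` open across any iteration that hits the `continue` above this point. It also relies on `dirp` being NULL before the first pass, and that declaration is outside this hunk. A narrower form keeps the close at the end of the loop body and clears the pointer there, `(void) closedir(dirp); dirp = NULL;`, so the guarded close after `out:` only acts on the goto path and never sees a stale handle. The lifetime matters because each stream left open holds a descriptor in the ftpd process, and the NLST argument that drives this loop comes from the client. send_file_list starts and ends outside the hunk.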
@@ -2738,7 +2740,6 @@ send_file_list(char *whichf)
byte_count += strlen(nbuf) + 1;
}
}
- (void) closedir(dirp);
}
if (dout == NULL)
@@ -2748,7 +2749,10 @@ send_file_list(char *whichf)
else
reply(226, "Transfer complete.");
+out:
transflag = 0;
+ if (dirp != NULL)
+ (void) closedir(dirp);
if (dout != NULL)
(void) fclose(dout);
else {
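Review bot: With `out:` moved above `transflag = 0`, every `goto out` now also runs the `dout`/`else` cleanup and the later `data = -1; pdata = -1;` resets that the jump used to skip. The body of the `else {` branch is cut off at the hunk boundary. Whatever it closes should be checked against the code that fails just before the jump (not visible here), so that a descriptor already closed on that path, but not reset to -1, is not closed a second time. A short comment on the label would record the new contract, for example `/* out: common exit; releases dirp and dout, resets data/pdata */`. The added `closedir(dirp)` leaves `dirp` non-NULL, which is safe only as long as nothing after the label uses it again.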
@@ -2757,7 +2761,7 @@ send_file_list(char *whichf)
}
data = -1;
pdata = -1;
-out:
+
if (freeglob) {
freeglob = 0;
globfree(&gl);