Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

re-use of free'd memory causes hard crash #23

Open
jwbmwv opened this issue Mar 18, 2020 · 0 comments
Open

re-use of free'd memory causes hard crash #23

jwbmwv opened this issue Mar 18, 2020 · 0 comments

Comments

@jwbmwv
Copy link

jwbmwv commented Mar 18, 2020
edited
Loading

If an ftp client send a RETR closely followed by an ABOR memory is freed in the cmd_abrt() -> tcp->abort() -> tcp->abandon() -> ftpd_msgerr() -> ftpd_dataclsoe() call sequence that cmd_abrt subsequently tries to use/free again. Taking the code to free memory out of cmd_abrt() fixes the crash, but causes a memory leak as expected. I believe the fundamental problem is the callbacks used do not have the ability to propagate the freeing of the memory back up the call return stack. Some one of the calling functions need to know enough to invalidate a pointer somewhere.

This was found by implementing the SIZE command and issuing a curl command that had a range starting at offset 0.

curl ftp://ip_address/filename --range 0-1000 -o /tmp/out.tx
@jwbmwv jwbmwv changed the title re-use of memory cause hard crash re-use of free'd memory causes hard crash Mar 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jwbmwv