Browse code
fuzz - 12142 - Fix for potential memory and file descriptor leak in HTML normalization code.
Micah Snyder authored on 2019/01/23 03:48:20Showing 1 changed files
| ... | ... |
@@ -1609,6 +1609,15 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag |
| 1609 | 1609 |
break; |
| 1610 | 1610 |
case HTML_RFC2397_INIT: |
| 1611 | 1611 |
if (dirname) {
|
| 1612 |
+ if (NULL != file_tmp_o1) {
|
|
| 1613 |
+ if (file_tmp_o1->fd != -1) {
|
|
| 1614 |
+ html_output_flush(file_tmp_o1); |
|
| 1615 |
+ close(file_tmp_o1->fd); |
|
| 1616 |
+ file_tmp_o1->fd = -1; |
|
| 1617 |
+ } |
|
| 1618 |
+ free(file_tmp_o1); |
|
| 1619 |
+ } |
|
| 1620 |
+ |
|
| 1612 | 1621 |
file_tmp_o1 = (file_buff_t *) cli_malloc(sizeof(file_buff_t)); |
| 1613 | 1622 |
if (!file_tmp_o1) {
|
| 1614 | 1623 |
cli_errmsg("cli_html_normalise: Unable to allocate memory for file_tmp_o1\n");
|
| ... | ... |
@@ -1692,8 +1701,11 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag |
| 1692 | 1692 |
break; |
| 1693 | 1693 |
case HTML_RFC2397_FINISH: |
| 1694 | 1694 |
if(file_tmp_o1) {
|
| 1695 |
+ if (file_tmp_o1->fd != -1) {
|
|
| 1695 | 1696 |
html_output_flush(file_tmp_o1); |
| 1696 | 1697 |
close(file_tmp_o1->fd); |
| 1698 |
+ file_tmp_o1->fd = -1; |
|
| 1699 |
+ } |
|
| 1697 | 1700 |
free(file_tmp_o1); |
| 1698 | 1701 |
file_tmp_o1 = NULL; |
| 1699 | 1702 |
} |
| ... | ... |
@@ -1830,9 +1842,10 @@ abort: |
| 1830 | 1830 |
file_buff_text=NULL; |
| 1831 | 1831 |
} |
| 1832 | 1832 |
if(file_tmp_o1) {
|
| 1833 |
+ if (file_tmp_o1->fd != -1) {
|
|
| 1833 | 1834 |
html_output_flush(file_tmp_o1); |
| 1834 |
- if(file_tmp_o1 && file_tmp_o1->fd != -1) |
|
| 1835 | 1835 |
close(file_tmp_o1->fd); |
| 1836 |
+ } |
|
| 1836 | 1837 |
free(file_tmp_o1); |
| 1837 | 1838 |
} |
| 1838 | 1839 |
return retval; |