mirrors/mc
1
0
Fork 0
mirror of https://github.com/MidnightCommander/mc synced 2025-01-18 17:29:28 +03:00
Code Issues Packages Projects Releases Wiki Activity

Ticket #3176: sftpfs: fix segfault when trying to view a file.

Browse Source 
Segfault was caused by using data from already free()-d memory
in /src/vfs/sftpfs/file.c. sftpfs_lseek() accessed a memory block,
which was previously deallocated by sftpfs_reopen().

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
This commit is contained in:
Vahur Sinijärv 2014-02-28 09:29:42 +04:00 committed by Andrew Borodin
parent 9bbc51098e
commit cd44dc5938
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/vfs/sftpfs/file.c
View File

@ -60,12 +60,16 @@ static void
sftpfs_reopen (vfs_file_handler_t * file_handler, GError ** error) sftpfs_reopen (vfs_file_handler_t * file_handler, GError ** error)
{ {
sftpfs_file_handler_data_t *file_handler_data; sftpfs_file_handler_data_t *file_handler_data;
int flags;
mode_t mode;
file_handler_data = (sftpfs_file_handler_data_t *) file_handler->data; file_handler_data = (sftpfs_file_handler_data_t *) file_handler->data;
flags = file_handler_data->flags;
mode = file_handler_data->mode;
sftpfs_close_file (file_handler, error); sftpfs_close_file (file_handler, error);
if (error == NULL || *error == NULL) if (error == NULL || *error == NULL)
sftpfs_open_file (file_handler, file_handler_data->flags, file_handler_data->mode, error); sftpfs_open_file (file_handler, flags, mode, error);
} }
/* --------------------------------------------------------------------------------------------- */ /* --------------------------------------------------------------------------------------------- */
@ -361,8 +365,6 @@ sftpfs_lseek (vfs_file_handler_t * file_handler, off_t offset, int whence, GErro
{ {
sftpfs_file_handler_data_t *file_handler_data; sftpfs_file_handler_data_t *file_handler_data;
file_handler_data = (sftpfs_file_handler_data_t *) file_handler->data;
switch (whence) switch (whence)
{ {
case SEEK_SET: case SEEK_SET:
@ -392,6 +394,8 @@ sftpfs_lseek (vfs_file_handler_t * file_handler, off_t offset, int whence, GErro
break; break;
} }
file_handler_data = (sftpfs_file_handler_data_t *) file_handler->data;
libssh2_sftp_seek64 (file_handler_data->handle, file_handler->pos); libssh2_sftp_seek64 (file_handler_data->handle, file_handler->pos);
file_handler->pos = (off_t) libssh2_sftp_tell64 (file_handler_data->handle); file_handler->pos = (off_t) libssh2_sftp_tell64 (file_handler_data->handle);