From d50e204b0c4c10164a711bf640500e46987de9c3 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Wed, 7 Nov 2018 14:04:56 +0100 Subject: 43790: failed mailstat could leak memory --- ChangeLog | 2 ++ Src/utils.c | 16 +++++++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 343038997..f915182f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2018-11-09 Peter Stephenson + * 43790: Kamil: Src/utils.c: failed mailstat could leak memory. + * 43789: Kamil: Src/module.c: possible use after free handling math functions from module. diff --git a/Src/utils.c b/Src/utils.c index 914e30c5c..e43a3cdb4 100644 --- a/Src/utils.c +++ b/Src/utils.c @@ -7459,19 +7459,28 @@ mailstat(char *path, struct stat *st) /* See if cur/ is present */ dir = appstr(ztrdup(path), "/cur"); - if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) return 0; + if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) { + zsfree(dir); + return 0; + } st_ret.st_atime = st_tmp.st_atime; /* See if tmp/ is present */ dir[plen] = 0; dir = appstr(dir, "/tmp"); - if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) return 0; + if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) { + zsfree(dir); + return 0; + } st_ret.st_mtime = st_tmp.st_mtime; /* And new/ */ dir[plen] = 0; dir = appstr(dir, "/new"); - if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) return 0; + if (stat(dir, &st_tmp) || !S_ISDIR(st_tmp.st_mode)) { + zsfree(dir); + return 0; + } st_ret.st_mtime = st_tmp.st_mtime; #if THERE_IS_EXACTLY_ONE_MAILDIR_IN_MAILPATH @@ -7483,6 +7492,7 @@ mailstat(char *path, struct stat *st) st_tmp.st_atime == st_new_last.st_atime && st_tmp.st_mtime == st_new_last.st_mtime) { *st = st_ret_last; + zsfree(dir); return 0; } st_new_last = st_tmp; -- cgit 1.4.1