Fix a dangerous cross-thread memory access.

[PuTTY.git] / psftp.c

diff --git a/psftp.c b/psftp.c
index 65d0dc50ada89282e6907313514660279dd087cd..1d331603cbf7f5ea67a641466ce1eba546c9d670 100644 (file)
--- a/psftp.c
+++ b/psftp.c
@@ -291,6 +291,11 @@ int sftp_get_file(char *fname, char *outfname, int recurse, int restart)
                    if (fxp_error_type() == SSH_FX_EOF)
                        break;
                    printf("%s: reading directory: %s\n", fname, fxp_error());
+
+                    req = fxp_close_send(dirhandle);
+                    pktin = sftp_wait_for_reply(req);
+                    fxp_close_recv(pktin, req);
+
                    sfree(ournames);
                    return 0;
                }
@@ -463,6 +468,8 @@ int sftp_get_file(char *fname, char *outfname, int recurse, int restart)
                printf("error while reading: %s\n", fxp_error());
                shown_err = TRUE;
            }
+            if (ret == INT_MIN)        /* pktin not even freed */
+                sfree(pktin);
             ret = 0;
        }
 
@@ -661,21 +668,19 @@ int sftp_put_file(char *fname, char *outfname, int recurse, int restart)
     if (restart) {
        char decbuf[30];
        struct fxp_attrs attrs;
-       int ret;
 
        req = fxp_fstat_send(fh);
         pktin = sftp_wait_for_reply(req);
        ret = fxp_fstat_recv(pktin, req, &attrs);
 
        if (!ret) {
-           close_rfile(file);
            printf("read size of %s: %s\n", outfname, fxp_error());
-           return 0;
+            goto cleanup;
        }
        if (!(attrs.flags & SSH_FILEXFER_ATTR_SIZE)) {
-           close_rfile(file);
            printf("read size of %s: size was not given\n", outfname);
-           return 0;
+            ret = 0;
+            goto cleanup;
        }
        offset = attrs.size;
        uint64_decimal(offset, decbuf);
@@ -715,15 +720,20 @@ int sftp_put_file(char *fname, char *outfname, int recurse, int restart)
        if (!xfer_done(xfer)) {
            pktin = sftp_recv();
            ret = xfer_upload_gotpkt(xfer, pktin);
-           if (ret <= 0 && !err) {
-               printf("error while writing: %s\n", fxp_error());
-               err = 1;
+           if (ret <= 0) {
+                if (ret == INT_MIN)        /* pktin not even freed */
+                    sfree(pktin);
+                if (!err) {
+                    printf("error while writing: %s\n", fxp_error());
+                    err = 1;
+                }
            }
        }
     }
 
     xfer_cleanup(xfer);
 
+  cleanup:
     req = fxp_close_send(fh);
     pktin = sftp_wait_for_reply(req);
     fxp_close_recv(pktin, req);
@@ -911,6 +921,7 @@ int wildcard_iterate(char *filename, int (*func)(void *, char *), void *ctx)
                printf("%s: canonify: %s\n", newname, fxp_error());
                ret = 0;
            }
+            sfree(newname);
            matched = TRUE;
            ret &= func(ctx, cname);
            sfree(cname);
@@ -1023,6 +1034,7 @@ int sftp_cmd_ls(struct sftp_command *cmd)
        char *tmpdir;
        int len, check;
 
+        sfree(unwcdir);
        wildcard = stripslashes(dir, 0);
        unwcdir = dupstr(dir);
        len = wildcard - dir;
@@ -1245,7 +1257,9 @@ int sftp_general_get(struct sftp_command *cmd, int restart, int multiple)
            fname = canonify(origwfname);
 
            if (!fname) {
+                sftp_finish_wildcard_matching(swcm);
                printf("%s: canonify: %s\n", origwfname, fxp_error());
+               sfree(origwfname);
                sfree(unwcfname);
                return 0;
            }
@@ -2221,6 +2235,7 @@ struct sftp_command *sftp_getcmd(FILE *fp, int mode, int modeflags)
        cmd->obey = sftp_cmd_quit;
        if ((mode == 0) || (modeflags & 1))
            printf("quit\n");
+        sfree(line);
        return cmd;                    /* eof */
     }
 
@@ -2463,6 +2478,18 @@ void modalfatalbox(char *fmt, ...)
 
     cleanup_exit(1);
 }
+void nonfatal(char *fmt, ...)
+{
+    char *str, *str2;
+    va_list ap;
+    va_start(ap, fmt);
+    str = dupvprintf(fmt, ap);
+    str2 = dupcat("Error: ", str, "\n", NULL);
+    sfree(str);
+    va_end(ap);
+    fputs(str2, stderr);
+    sfree(str2);
+}
 void connection_fatal(void *frontend, char *fmt, ...)
 {
     char *str, *str2;
@@ -2640,9 +2667,11 @@ static void usage(void)
     printf("  -1 -2     force use of particular SSH protocol version\n");
     printf("  -4 -6     force use of IPv4 or IPv6\n");
     printf("  -C        enable compression\n");
-    printf("  -i key    private key file for authentication\n");
+    printf("  -i key    private key file for user authentication\n");
     printf("  -noagent  disable use of Pageant\n");
     printf("  -agent    enable use of Pageant\n");
+    printf("  -hostkey aa:bb:cc:...\n");
+    printf("            manually specify a host key (may be repeated)\n");
     printf("  -batch    disable all interactive prompts\n");
     cleanup_exit(1);
 }
@@ -2694,6 +2723,7 @@ static int psftp_connect(char *userhost, char *user, int portnumber)
            /* Use `host' as a bare hostname. */
            conf_set_str(conf, CONF_host, host);
        }
+        conf_free(conf2);
     } else {
        /* Patch in hostname `host' to session details. */
        conf_set_str(conf, CONF_host, host);
@@ -2856,6 +2886,9 @@ void cmdline_error(char *p, ...)
     exit(1);
 }
 
+const int share_can_be_downstream = TRUE;
+const int share_can_be_upstream = FALSE;
+
 /*
  * Main program. Parse arguments etc.
  */