Siim / ftp

Lightweight FTP server written in C
BSD 3-Clause "New" or "Revised" License

Bugs report #6

Open songxpu opened 1 year ago

songxpu commented 1 year ago

There is a small bug in server.c:173

void ftp_mkd(Command *cmd, State *state)
{
  char res[2*BSIZE+32]; 
  ...
  state->message = res;
  ...
  state->message = "550 Failed to create directory. Check path or permissions.\r\n";  // local address
  ...
  write_state(state);
}

void write_state(State *state)
{
  write(state->connection, state->message, strlen(state->message)); // bug location: read previous local address
}

ASAN image

Reproduce

USER anonymous
PASS anonymous
MKD <filename> // filename should not exist.

songxpu commented 1 year ago

This type of bug can lead to undefined behavior, but it may not cause a serious impact on this project.

songxpu commented 1 year ago

Another bug is in server.c:51. It is because state does not initialize username after allocating memory space.

State *state = malloc(sizeof(State));
...
printf("User %s sent command: %s\r\n",(state->username==0)?"unknown":state->username,buffer); // line 51

ASAN: image
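
One way to avoid both reads reported above, as an added example that is not part of the thread or the project's own code: the reply text is stored inside the state instead of pointing at a handler's local buffer, and the state is zero-allocated so username starts as NULL. The reduced State, state_new, mkd_reply, the BSIZE value and the 257 reply text are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define BSIZE 1024 /* assumed value; the thread only shows the name */

/* Hypothetical reduced State: only the fields the thread mentions. */
typedef struct {
  int connection;
  char *username;
  char message[2 * BSIZE + 32]; /* reply text lives in the state itself */
} State;

/* calloc zeroes the struct, so username is NULL until a login sets it. */
State *state_new(int fd)
{
  State *s = calloc(1, sizeof *s);
  if (s) s->connection = fd;
  return s;
}

/* Both MKD outcomes are copied into s->message, so nothing points at a
   handler's stack. Returns 0, or -1 if the reply was truncated. */
int mkd_reply(State *s, const char *path, int created)
{
  int n = created
    ? snprintf(s->message, sizeof s->message, "257 \"%s\" created.\r\n", path)
    : snprintf(s->message, sizeof s->message,
        "550 Failed to create directory. Check path or permissions.\r\n");
  return (n < 0 || (size_t)n >= sizeof s->message) ? -1 : 0;
}

ssize_t write_state(State *s) { return write(s->connection, s->message, strlen(s->message)); }

/* Round trip through a pipe with a constructed path; 1 if the bytes match. */
int demo(void)
{
  int fds[2]; char got[128] = {0};
  if (pipe(fds) != 0) return 0;
  State *s = state_new(fds[1]);
  if (!s) return 0;
  int ok = s->username == NULL && mkd_reply(s, "newdir", 1) == 0;
  ok = ok && write_state(s) > 0 && read(fds[0], got, sizeof got - 1) > 0;
  ok = ok && strcmp(got, "257 \"newdir\" created.\r\n") == 0;
  close(fds[0]); close(fds[1]); free(s);
  return ok;
}
int main(void) { return demo() ? 0 : 1; }
```

Building with -fsanitize=address and sending the MKD sequence from the report is a quick regression check for both findings.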

08183080 commented 11 months ago

How did you find the bug? Can you share?