Closed Bug 253394 Opened 21 years ago Closed 21 years ago

nsFtpState::S_user, S_pass leak user & password strings

Categories

(Core Graveyard :: Networking: FTP, defect)

Product:
Core Graveyard
Component:
Networking: FTP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: Biesinger, Assigned: dougt)

Details

(Keywords: memory-leak, Whiteboard: [good first bug])

Attachments

(1 file, 2 obsolete files)

S_pass(), too
4.40 KB, patch
darin.moz
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review
PRUnichar *user = nsnull, *passwd = nsnull; ... rv = mAuthPrompter->PromptUsernameAndPassword(nsnull, formatedString, prePathU.get(), nsIAuthPrompt::SAVE_PASSWORD_PERMANENTLY, &user, &passwd, &retval); There is never a nsMemory::Free call for user and passwd. This should probably use nsXPIDLString, or use .Adopt to assign to mUser and mPassword, or make sure to call nsMemory::Free when needed.
Whiteboard: [good first bug]
Index: nsFtpConnectionThread.cpp =================================================================== RCS file: /cvsroot/mozilla/netwerk/protocol/ftp/src/nsFtpConnectionThread.cpp,v retrieving revision 1.283 diff -u -r1.283 nsFtpConnectionThread.cpp --- nsFtpConnectionThread.cpp 29 Jun 2004 16:45:05 -0000 1.283 +++ nsFtpConnectionThread.cpp 29 Jul 2004 14:07:33 -0000 @@ -1007,8 +1007,8 @@ // if the user canceled or didn't supply a username we want to fail if (!retval || (user && !*user) ) return NS_ERROR_FAILURE; - mUsername = user; - mPassword = passwd; + mUsername.Adopt(user); + mPassword.Adopt(passwd); } usernameStr.AppendWithConversion(mUsername); }
r=brade
OS: Linux → All
Hardware: PC → All
if (!retval || (user && !*user) ) return NS_ERROR_FAILURE; won't this return still leak the password, and the user if it is an empty non-null string?
That sounds right.. Maybe looking to > use .Adopt to assign to mUser and mPassword, AND > make sure > to call nsMemory::Free when needed.
Attached patch no leaky me (obsolete) — Splinter Review
Comments 1 and 3/4. (Also good for 1.7, and s/b for aviary, too.)
nsXPIDLString does all that freeing automaticly. Why not use it? I think the code will become more readable.
Attached patch fix using nsXPIDLString (obsolete) — Splinter Review
String are s/scary/my friend/. Would the (user, passwd, maybe retval) declarations fit better immediately preceeding PromptUsernameAndPassword()? (user, passwd because that line's changing anyway, and retval, too, for consistency.)
Attachment #154936 - Attachment is obsolete: true
usually, moving will be better. But look at the surrounding code first. What is the convention in the ftp code?
Comment on attachment 156736 [details] [diff] [review] fix using nsXPIDLString Moving the declaration shouldn't break convention. (However, will let the r? call it.)
Attachment #156736 - Flags: review?(dougt)
(In reply to comment #10) > nsFtpState::S_pass() > also leaks passwd Looks like a similar issue, and can probably be treated in a like manner. Maybe the scope of this bug should be expanded to address this also?
(In reply to comment #11) > Looks like a similar issue, and can probably be treated in a like manner. Maybe > the scope of this bug should be expanded to address this also? Probably a good idea :-)
Attached patch S_pass(), tooSplinter Review
Attachment #156736 - Attachment is obsolete: true
Attachment #156736 - Flags: review?(dougt)
John, if you wan't this patch into Necko, please ask for reviews
Comment on attachment 163991 [details] [diff] [review] S_pass(), too r+sr=darin
Attachment #163991 - Flags: superreview+
Attachment #163991 - Flags: review+
fixed-on-trunk thanks for the patch!
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
v. Thanks!
Status: RESOLVED → VERIFIED
Summary: nsFtpState::S_user leaks user & password string → nsFtpState::S_user, S_pass leak user & password strings
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: