From d0d8ae90eb01d1c3d86b8cd68e4df77352a4f8bc Mon Sep 17 00:00:00 2001 From: Andrew Borodin Date: Wed, 18 Dec 2024 21:00:00 +0000 Subject: [PATCH 1/2] Ticket #4620: (sftpfs_fill_connection_data_from_config): fix use-after-free. Fix Use-after-free in sftpfs_fill_connection_data_from_config() Found by Clang-19 Static Analyzer The bug was introduced in 4c998ac636eb3cfad0ec29bba92c1548fdbeb977. Reported-by: Andreas Mohr Signed-off-by: Andrew Borodin --- src/vfs/sftpfs/config_parser.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/vfs/sftpfs/config_parser.c b/src/vfs/sftpfs/config_parser.c index 622ac32663..84e2e238e2 100644 --- a/src/vfs/sftpfs/config_parser.c +++ b/src/vfs/sftpfs/config_parser.c @@ -393,9 +393,12 @@ sftpfs_fill_connection_data_from_config (struct vfs_s_super *super, GError **mce if (config_entity->real_host != NULL) { - g_free (super->path_element->host); + char *tmp_str = super->path_element->host; + super->path_element->host = sftpsfs_expand_hostname (super->path_element->host, config_entity->real_host); + + g_free (tmp_str); } if (config_entity->identity_file != NULL) From 47761ffc9ab7364b4eb42bacabacdd0f3cf607c6 Mon Sep 17 00:00:00 2001 From: Andreas Mohr Date: Thu, 19 Dec 2024 16:00:00 +0000 Subject: [PATCH 2/2] Ticket #5621: (add_new_entry_cmd): fix Use-after-free. src/filemanager/hotlist.c:1046:26: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc] 1046 | if (title == NULL || *title == '\0' || url == NULL || *url == '\0') | ^~~~~~ - distinct def_text and title/url - simplify and move quick_dialog return evaluation in same function add_new_entry_cmd() Found by Clang-19 Static Analyzer. Signed-off-by: Andreas Mohr Signed-off-by: Andrew Borodin --- src/filemanager/hotlist.c | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/src/filemanager/hotlist.c b/src/filemanager/hotlist.c index d55df3e764..d898ac0cc4 100644 --- a/src/filemanager/hotlist.c +++ b/src/filemanager/hotlist.c @@ -995,14 +995,14 @@ add2hotlist (char *label, char *directory, enum HotListType type, listbox_append static int add_new_entry_input (const char *header, const char *text1, const char *text2, - const char *help, char **r1, char **r2) + const char *help, const char *def_text, char **r1, char **r2) { quick_widget_t quick_widgets[] = { /* *INDENT-OFF* */ - QUICK_LABELED_INPUT (text1, input_label_above, *r1, "input-lbl", r1, NULL, + QUICK_LABELED_INPUT (text1, input_label_above, def_text, "input-lbl", r1, NULL, FALSE, FALSE, INPUT_COMPLETE_NONE), QUICK_SEPARATOR (FALSE), - QUICK_LABELED_INPUT (text2, input_label_above, *r2, "input-lbl", r2, NULL, + QUICK_LABELED_INPUT (text2, input_label_above, def_text, "input-lbl", r2, NULL, FALSE, FALSE, INPUT_COMPLETE_FILENAMES | INPUT_COMPLETE_CD), QUICK_START_BUTTONS (TRUE, TRUE), QUICK_BUTTON (N_("&Append"), B_APPEND, NULL, NULL), @@ -1019,11 +1019,7 @@ add_new_entry_input (const char *header, const char *text1, const char *text2, quick_widgets, NULL, NULL }; - int ret; - - ret = quick_dialog (&qdlg); - - return (ret != B_CANCEL) ? ret : 0; + return quick_dialog (&qdlg); } /* --------------------------------------------------------------------------------------------- */ @@ -1031,19 +1027,18 @@ add_new_entry_input (const char *header, const char *text1, const char *text2, static void add_new_entry_cmd (WPanel *panel) { - char *title, *url, *to_free; + char *def_text; + char *title = NULL; + char *url = NULL; int ret; /* Take current directory as default value for input fields */ - to_free = title = url = vfs_path_to_str_flags (panel->cwd_vpath, 0, VPF_STRIP_PASSWORD); - + def_text = vfs_path_to_str_flags (panel->cwd_vpath, 0, VPF_STRIP_PASSWORD); ret = add_new_entry_input (_("New hotlist entry"), _("Directory label:"), - _("Directory path:"), "[Hotlist]", &title, &url); - g_free (to_free); + _("Directory path:"), "[Hotlist]", def_text, &title, &url); + g_free (def_text); - if (ret == 0) - return; - if (title == NULL || *title == '\0' || url == NULL || *url == '\0') + if (ret == B_CANCEL || title == NULL || *title == '\0' || url == NULL || *url == '\0') { g_free (title); g_free (url);