Potential security issue in lib/ftp.c: Unchecked return from initialization function

[monocle-ai]

What is a Conditionally Uninitialized Variable? The return value of a function that is potentially used to initialize a local variable is not checked. Therefore, reading the local variable may result in undefined behavior.

3 instances of this defect were found in the following locations:

Instance 1
File : lib/ftp.c
Function: Curl_GetFTPResponse

curl/lib/ftp.c

Line 412 in 17b1405

Curl_GetFTPResponse(&nread, conn, &ftpcode);

Code extract:

    }
    else if(result & CURL_CSELECT_IN) {
      infof(data, "Ctrl conn has data while waiting for data conn\n");
      Curl_GetFTPResponse(&nread, conn, &ftpcode); <------ HERE

      if(ftpcode/100 > 3)

How can I fix it?
Correct reference usage found in lib/ftp.c at line 3380.

curl/lib/ftp.c

Line 3380 in 17b1405

result = Curl_GetFTPResponse(&nread, conn, &ftpcode);

Code extract:

      pp->response = Curl_now(); /* timeout relative now */

      result = Curl_GetFTPResponse(&nread, conn, &ftpcode); <------ HERE
      if(result)
        return result;

---

Instance 2
File : lib/ftp.c
Function: Curl_inet_ntop

curl/lib/ftp.c

Line 1060 in 17b1405

Curl_inet_ntop(sa->sa_family, &sa4->sin_addr, hbuf, sizeof(hbuf));

Code extract:

      break;
#endif
    default:
      Curl_inet_ntop(sa->sa_family, &sa4->sin_addr, hbuf, sizeof(hbuf)); <------ HERE
      break;
    }

How can I fix it?
Correct reference usage found in lib/connect.c at line 650.

curl/lib/connect.c

Line 650 in 17b1405

if(Curl_inet_ntop(sa->sa_family, &si6->sin6_addr,

Code extract:

#ifdef ENABLE_IPV6
    case AF_INET6:
      si6 = (struct sockaddr_in6 *)(void *) sa;
      if(Curl_inet_ntop(sa->sa_family, &si6->sin6_addr, <------ HERE
                        addr, MAX_IPADR_LEN)) {
        unsigned short us_port = ntohs(si6->sin6_port);

---

Instance 3
File : lib/ftp.c
Function: Curl_printable_address

curl/lib/ftp.c

Line 3453 in 17b1405

Curl_printable_address(ai, buf, sizeof(buf));

Code extract:

                 int port)
{
  char buf[256];
  Curl_printable_address(ai, buf, sizeof(buf)); <------ HERE
  infof(conn->data, "Connecting to %s (%s) port %d\n", newhost, buf, port);
}

How can I fix it?
Correct reference usage found in lib/socks.c at line 785.

curl/lib/socks.c

Line 785 in 17b1405

if(Curl_printable_address(hp, dest, sizeof(dest))) {

Code extract:

      return CURLE_COULDNT_RESOLVE_HOST;
    }

    if(Curl_printable_address(hp, dest, sizeof(dest))) { <------ HERE
      size_t destlen = strlen(dest);
      msnprintf(dest + destlen, sizeof(dest) - destlen, ":%d", remote_port);

[siva-msft]

@bagder what do you think about instance 2?
In curl/lib/ftp.c; line 412 in 17b1405
Curl_GetFTPResponse(&nread, conn, &ftpcode);
Edit:
In curl/lib/ftp.c line 1060
Curl_inet_ntop(sa->sa_family, &sa4->sin_addr, hbuf, sizeof(hbuf));

[bagder]

I already added a (void) in front of that function call to mark the not-using-the-returncode as deliberate. I don't think there's an issue there.

[siva-msft]

Thanks @bagder - I think I pasted the wrong line there. How about this one?
Instace 2
Curl_inet_ntop(sa->sa_family, &sa4->sin_addr, hbuf, sizeof(hbuf));

[bagder]

I missed those. There seems to be two calls in ftp.c and one in if2ip.c that we should fix...