From 156b78adfab2e854018a6d56e437daa943a93fcc Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Thu, 26 Feb 2026 20:33:13 +0100 Subject: [PATCH] cleanup: fix potential NULL dereference and leaks in cmd_sendfile * Add NULL checks for malloc and strdup calls in cmd_sendfile * Ensure file handles and descriptors are closed on all error paths --- src/command/cmd_funcs.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/command/cmd_funcs.c b/src/command/cmd_funcs.c index 1ce9e782..2f9e2d0e 100644 --- a/src/command/cmd_funcs.c +++ b/src/command/cmd_funcs.c @@ -4869,6 +4869,11 @@ cmd_sendfile(ProfWin* window, const char* const command, gchar** args) } FILE* fh = fdopen(fd, "rb"); + if (!fh) { + cons_show_error("Unable to open file descriptor for '%s'.", filename); + close(fd); + goto out; + } if (omemo_enabled) { #ifdef HAVE_OMEMO @@ -4878,12 +4883,23 @@ cmd_sendfile(ProfWin* window, const char* const command, gchar** args) if (err != NULL) { cons_show_error(err); win_println(window, THEME_ERROR, "-", err); + if (fh) { + fclose(fh); + } goto out; } #endif } HTTPUpload* upload = malloc(sizeof(HTTPUpload)); + if (!upload) { + cons_show_error("Memory allocation failed."); + if (fh) { + fclose(fh); + } + goto out; + } + upload->window = window; upload->filename = strdup(filename); @@ -4891,6 +4907,17 @@ cmd_sendfile(ProfWin* window, const char* const command, gchar** args) upload->filesize = file_size(fd); upload->mime_type = file_mime_type(filename); + if (!upload->filename || !upload->mime_type) { + cons_show_error("Memory allocation failed."); + if (fh) { + fclose(fh); + } + free(upload->filename); + free(upload->mime_type); + free(upload); + goto out; + } + if (alt_scheme != NULL) { upload->alt_scheme = strdup(alt_scheme); } else {