From 981a37916fdb7b73435c6d5cdb01428b2269427d Mon Sep 17 00:00:00 2001
From: TJ Saunders
Date: Sun, 9 Feb 2025 12:14:25 -0800
Subject: [PATCH] Issue #1866: Some of the fuzzing tests submitted in the advisory ran into existing null pointer dereferences (not buffer overflows); let's correct them. (#1867)
Upstream-Status: Backport [https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d]
CVE: CVE-2024-57392
Signed-off-by: Vijay Anusuri
---
 modules/mod_ls.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/mod_ls.c b/modules/mod_ls.c
index 45a3187bd..f7abfe540 100644
--- a/modules/mod_ls.c
+++ b/modules/mod_ls.c
@@ -349,7 +349,8 @@ static int sendline(int flags, char *fmt, ...) {
 errno != 0) {
 int xerrno = errno;
 
- if (session.d != NULL) {
+ if (session.d != NULL &&
+ session.d->outstrm != NULL) {
 xerrno = PR_NETIO_ERRNO(session.d->outstrm);
 }
 
@@ -1039,7 +1040,9 @@ static int outputfiles(cmd_rec *cmd) {
 return res;
 }
 
- tail->down = NULL;
+ if (tail != NULL) {
+ tail->down = NULL;
+ }
 tail = NULL;
 colwidth = (colwidth | 7) + 1;
 if (opt_l || !opt_C) {
-- 
2.25.1
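Review bot: The added `session.d->outstrm != NULL` test in sendline's error branch has no comment saying when a data connection can exist without an output stream, so a later cleanup could drop it as redundant. I would put `/* session.d may be set while its outstrm is still NULL (Issue #1866); fall back to the saved errno. */` above the condition. When the guard fails, xerrno keeps the value copied from errno two lines earlier, which looks like the intended fallback. sendline starts and ends outside the hunk, so whether the transfer call before this branch touches session.d->outstrm without the same check cannot be confirmed from here.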
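Review bot: Guarding only `tail->down = NULL;` in outputfiles stops the null dereference, but with tail NULL the function still falls through into the colwidth computation below, and nothing records whether that is intended. If a NULL tail means no entries were collected (inferred; the list-building code and the condition of the early `return res;` just above are outside the hunk), extending that early return to cover `tail == NULL` would state the case more directly than guarding a single store. At minimum, a comment such as `/* tail is NULL when no entries were queued (Issue #1866). */` would explain the check. The patch adds no regression test for the fuzzing inputs mentioned in the subject; one that reaches this path would keep the crash tracked as CVE-2024-57392 from coming back.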