[fetchmail-devel] minor bug fixes for socket.c

[John B. <joh...@or...>]

Greetings,

First, while running a static code analysis tool (Parfait) on fetchmail, it
found some bugs:

Error: Memory leak (CWE 401)
   Memory leak of pointer 'plugin_copy' allocated with malloc((plugin_copy_len + 1))
        at line 137 of components/fetchmail/fetchmail-6.3.22/socket.c in function 'parse_plugin'.
          'plugin_copy' allocated at line 107 with malloc((plugin_copy_len + 1)).
          plugin_copy leaks when plugin_copy_offset >= plugin_copy_len at line 114.

Error: Null pointer dereference (CWE 476)
   Read from null pointer 'argvec'
        at line 189 of components/fetchmail/fetchmail-6.3.22/socket.c in function 'handle_plugin'.
          Function 'parse_plugin' may return constant 'NULL' at line 137, called at line 188.
          Null pointer introduced at line 137 in function 'parse_plugin'.
        at line 190 of components/fetchmail/fetchmail-6.3.22/socket.c in function 'handle_plugin'.
          Function 'parse_plugin' may return constant 'NULL' at line 137, called at line 188.
          Null pointer introduced at line 137 in function 'parse_plugin'.

(I realize these are on 6.3.22; I checked and verified that this portion of
the code is the same in 6.3.24.)

The attached patch fixes each of these.

Second, I originally sent this to the -users list per FAQ #G3.  It seems that
entry should be updated to indicate the -devel list instead.

-- John

PS I am skipping the usual six items requested per FAQ #G3, as they seem
   superfluous here. If anyone really feels the need for them, let me know.

http://blogs.oracle.com/jbeck/