* [PATCH] Fix leak in credential_apply_config
@ 2021-08-20 8:44 Mike Hommey
2021-08-20 14:58 ` Derrick Stolee
0 siblings, 1 reply; 4+ messages in thread
From: Mike Hommey @ 2021-08-20 8:44 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git, Mike Hommey
Signed-off-by: Mike Hommey <mh@glandium.org>
---
credential.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/credential.c b/credential.c
index 3c05c7c669..000ac7a8d4 100644
--- a/credential.c
+++ b/credential.c
@@ -128,6 +128,7 @@ static void credential_apply_config(struct credential *c)
normalized_url = url_normalize(url.buf, &config.url);
git_config(urlmatch_config_entry, &config);
+ string_list_clear(&config.vars, 1);
free(normalized_url);
strbuf_release(&url);
--
2.33.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] Fix leak in credential_apply_config
2021-08-20 8:44 [PATCH] Fix leak in credential_apply_config Mike Hommey
@ 2021-08-20 14:58 ` Derrick Stolee
2021-08-20 17:56 ` Jeff King
0 siblings, 1 reply; 4+ messages in thread
From: Derrick Stolee @ 2021-08-20 14:58 UTC (permalink / raw)
To: Mike Hommey, Junio C Hamano; +Cc: git
On 8/20/2021 4:44 AM, Mike Hommey wrote:
> normalized_url = url_normalize(url.buf, &config.url);
>
> git_config(urlmatch_config_entry, &config);
> + string_list_clear(&config.vars, 1);
> free(normalized_url);
> strbuf_release(&url);
A good find! This is obviously correct and a valuable change
to make. If you are interested in doing a little extra work,
then I think there is something more we could do here.
I took a look at the rest of "struct urlmatch_config" to see
if anything else needed to be cleared, and it turns out that
config.url.url is an allocated string, but happens to be
equal to normalized_url, which is freed here.
Perhaps the optimal organization would be to have a
clear_urlmatch_config() method that clears all allocated data
within the config, and change things like url_normalize()
return a 'const char *' to make it clear that the url should
be freed somewhere else.
It would help unify the handling of code that is somewhat
duplicated (but slightly different each time) across
credential_apply_config(), http_init(), get_urlmatch(),
and cmd__urlmatch_normalization().
Thanks,
-Stolee
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Fix leak in credential_apply_config
2021-08-20 14:58 ` Derrick Stolee
@ 2021-08-20 17:56 ` Jeff King
2021-08-20 17:57 ` Jeff King
0 siblings, 1 reply; 4+ messages in thread
From: Jeff King @ 2021-08-20 17:56 UTC (permalink / raw)
To: Derrick Stolee; +Cc: Mike Hommey, Junio C Hamano, git
On Fri, Aug 20, 2021 at 10:58:56AM -0400, Derrick Stolee wrote:
> On 8/20/2021 4:44 AM, Mike Hommey wrote:
> > normalized_url = url_normalize(url.buf, &config.url);
> >
> > git_config(urlmatch_config_entry, &config);
> > + string_list_clear(&config.vars, 1);
> > free(normalized_url);
> > strbuf_release(&url);
>
> A good find! This is obviously correct and a valuable change
> to make. If you are interested in doing a little extra work,
> then I think there is something more we could do here.
>
> I took a look at the rest of "struct urlmatch_config" to see
> if anything else needed to be cleared, and it turns out that
> config.url.url is an allocated string, but happens to be
> equal to normalized_url, which is freed here.
>
> Perhaps the optimal organization would be to have a
> clear_urlmatch_config() method that clears all allocated data
> within the config, and change things like url_normalize()
> return a 'const char *' to make it clear that the url should
> be freed somewhere else.
Yeah, I had the same thought; it feels like we're peeking into details
of how url_config works (especially the knowledge that we we should be
passing free_util).
> It would help unify the handling of code that is somewhat
> duplicated (but slightly different each time) across
> credential_apply_config(), http_init(), get_urlmatch(),
> and cmd__urlmatch_normalization().
Agreed. It looks like http_init() has the same leak that is fixed here.
-Peff
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Fix leak in credential_apply_config
2021-08-20 17:56 ` Jeff King
@ 2021-08-20 17:57 ` Jeff King
0 siblings, 0 replies; 4+ messages in thread
From: Jeff King @ 2021-08-20 17:57 UTC (permalink / raw)
To: Derrick Stolee; +Cc: Mike Hommey, Junio C Hamano, git
On Fri, Aug 20, 2021 at 01:56:20PM -0400, Jeff King wrote:
> > It would help unify the handling of code that is somewhat
> > duplicated (but slightly different each time) across
> > credential_apply_config(), http_init(), get_urlmatch(),
> > and cmd__urlmatch_normalization().
>
> Agreed. It looks like http_init() has the same leak that is fixed here.
Oh, nevermind. That call is indeed correct. Apparently if you re-order
two lines I'm unable to see them. ;)
-Peff
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-08-20 17:57 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-20 8:44 [PATCH] Fix leak in credential_apply_config Mike Hommey
2021-08-20 14:58 ` Derrick Stolee
2021-08-20 17:56 ` Jeff King
2021-08-20 17:57 ` Jeff King
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).