* [PATCH 1/2] gpg-interface: fix leak of "line" in parse_ssh_output()
2021-10-18 17:11 [PATCH 0/2] some leak fixes on fs/ssh-signing-fix Jeff King
@ 2021-10-18 17:15 ` Jeff King
2021-10-18 17:15 ` [PATCH 2/2] gpg-interface: fix leak of strbufs in get_ssh_key_fingerprint() Jeff King
2021-10-19 8:16 ` [PATCH 0/2] some leak fixes on fs/ssh-signing-fix Fabian Stelzer
2 siblings, 0 replies; 5+ messages in thread
From: Jeff King @ 2021-10-18 17:15 UTC (permalink / raw)
To: git; +Cc: Fabian Stelzer
We xmemdupz() this buffer, but never free it. Let's do so. We'll use a
cleanup label, since there are multiple exits from the function.
Note that it was also declared a "const char *". We could switch that to
"char *" to indicate that it's allocated, but that make it awkward to
use with skip_prefix(). So instead, we'll introduce an extra non-const
pointer.
Signed-off-by: Jeff King <peff@peff.net>
---
gpg-interface.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/gpg-interface.c b/gpg-interface.c
index 433482307c..c60b9cd19d 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -365,6 +365,7 @@ static int verify_gpg_signed_buffer(struct signature_check *sigc,
static void parse_ssh_output(struct signature_check *sigc)
{
const char *line, *principal, *search;
+ char *to_free;
char *key = NULL;
/*
@@ -383,7 +384,7 @@ static void parse_ssh_output(struct signature_check *sigc)
sigc->result = 'B';
sigc->trust_level = TRUST_NEVER;
- line = xmemdupz(sigc->output, strcspn(sigc->output, "\n"));
+ line = to_free = xmemdupz(sigc->output, strcspn(sigc->output, "\n"));
if (skip_prefix(line, "Good \"git\" signature for ", &line)) {
/* Valid signature and known principal */
@@ -403,7 +404,7 @@ static void parse_ssh_output(struct signature_check *sigc)
sigc->result = 'G';
sigc->trust_level = TRUST_UNDEFINED;
} else {
- return;
+ goto cleanup;
}
key = strstr(line, "key");
@@ -417,6 +418,9 @@ static void parse_ssh_output(struct signature_check *sigc)
*/
sigc->result = 'B';
}
+
+cleanup:
+ free(to_free);
}
static int verify_ssh_signed_buffer(struct signature_check *sigc,
--
2.33.1.1223.g80c1dbe6e5
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/2] gpg-interface: fix leak of strbufs in get_ssh_key_fingerprint()
2021-10-18 17:11 [PATCH 0/2] some leak fixes on fs/ssh-signing-fix Jeff King
2021-10-18 17:15 ` [PATCH 1/2] gpg-interface: fix leak of "line" in parse_ssh_output() Jeff King
@ 2021-10-18 17:15 ` Jeff King
2021-10-19 8:16 ` [PATCH 0/2] some leak fixes on fs/ssh-signing-fix Fabian Stelzer
2 siblings, 0 replies; 5+ messages in thread
From: Jeff King @ 2021-10-18 17:15 UTC (permalink / raw)
To: git; +Cc: Fabian Stelzer
We read stdout from gpg into a strbuf, then split it into a list of
strbufs, pull out one element, and return it. But we don't free either
the original stdout buffer, nor the list returned from strbuf_split().
This patch fixes both. Note that we have to detach the returned string
from its strbuf before calling strbuf_list_free(), as that would
otherwise throw it away.
Signed-off-by: Jeff King <peff@peff.net>
---
gpg-interface.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/gpg-interface.c b/gpg-interface.c
index c60b9cd19d..800d8caa67 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -711,6 +711,7 @@ static char *get_ssh_key_fingerprint(const char *signing_key)
int ret = -1;
struct strbuf fingerprint_stdout = STRBUF_INIT;
struct strbuf **fingerprint;
+ char *fingerprint_ret;
/*
* With SSH Signing this can contain a filename or a public key
@@ -737,7 +738,10 @@ static char *get_ssh_key_fingerprint(const char *signing_key)
die_errno(_("failed to get the ssh fingerprint for key '%s'"),
signing_key);
- return strbuf_detach(fingerprint[1], NULL);
+ fingerprint_ret = strbuf_detach(fingerprint[1], NULL);
+ strbuf_list_free(fingerprint);
+ strbuf_release(&fingerprint_stdout);
+ return fingerprint_ret;
}
/* Returns the first public key from an ssh-agent to use for signing */
--
2.33.1.1223.g80c1dbe6e5
^ permalink raw reply related [flat|nested] 5+ messages in thread