diff options
| author | Junio C Hamano <gitster@pobox.com> | 2021-10-25 16:06:58 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2021-10-25 16:06:58 -0700 |
| commit | ef1639145de771d33fe5b919f13debaaeaca35f7 (patch) | |
| tree | 720e51559205dd65805a5dd96fd25281bc67fa6c /gpg-interface.c | |
| parent | Merge branch 'fs/ssh-signing' (diff) | |
| parent | gpg-interface: fix leak of strbufs in get_ssh_key_fingerprint() (diff) | |
| download | git-ef1639145de771d33fe5b919f13debaaeaca35f7.tar.gz git-ef1639145de771d33fe5b919f13debaaeaca35f7.zip | |
Merge branch 'fs/ssh-signing-fix'
Fix-up for the other topic already in 'next'.
* fs/ssh-signing-fix:
gpg-interface: fix leak of strbufs in get_ssh_key_fingerprint()
gpg-interface: fix leak of "line" in parse_ssh_output()
ssh signing: clarify trustlevel usage in docs
ssh signing: fmt-merge-msg tests & config parse
Diffstat (limited to 'gpg-interface.c')
| -rw-r--r-- | gpg-interface.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/gpg-interface.c b/gpg-interface.c index 433482307c..800d8caa67 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -365,6 +365,7 @@ static int verify_gpg_signed_buffer(struct signature_check *sigc, static void parse_ssh_output(struct signature_check *sigc) { const char *line, *principal, *search; + char *to_free; char *key = NULL; /* @@ -383,7 +384,7 @@ static void parse_ssh_output(struct signature_check *sigc) sigc->result = 'B'; sigc->trust_level = TRUST_NEVER; - line = xmemdupz(sigc->output, strcspn(sigc->output, "\n")); + line = to_free = xmemdupz(sigc->output, strcspn(sigc->output, "\n")); if (skip_prefix(line, "Good \"git\" signature for ", &line)) { /* Valid signature and known principal */ @@ -403,7 +404,7 @@ static void parse_ssh_output(struct signature_check *sigc) sigc->result = 'G'; sigc->trust_level = TRUST_UNDEFINED; } else { - return; + goto cleanup; } key = strstr(line, "key"); @@ -417,6 +418,9 @@ static void parse_ssh_output(struct signature_check *sigc) */ sigc->result = 'B'; } + +cleanup: + free(to_free); } static int verify_ssh_signed_buffer(struct signature_check *sigc, @@ -707,6 +711,7 @@ static char *get_ssh_key_fingerprint(const char *signing_key) int ret = -1; struct strbuf fingerprint_stdout = STRBUF_INIT; struct strbuf **fingerprint; + char *fingerprint_ret; /* * With SSH Signing this can contain a filename or a public key @@ -733,7 +738,10 @@ static char *get_ssh_key_fingerprint(const char *signing_key) die_errno(_("failed to get the ssh fingerprint for key '%s'"), signing_key); - return strbuf_detach(fingerprint[1], NULL); + fingerprint_ret = strbuf_detach(fingerprint[1], NULL); + strbuf_list_free(fingerprint); + strbuf_release(&fingerprint_stdout); + return fingerprint_ret; } /* Returns the first public key from an ssh-agent to use for signing */ |