proxmox-mirrors/libgit2
1
0
Fork 0
mirror of https://git.proxmox.com/git/libgit2 synced 2025-05-09 13:04:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

commit: avoid possible use-after-free

Browse Source 
When extracting a commit's signature, we first free the object and only
afterwards put its signature contents into the result buffer. This works
in most cases - the free'd object will normally be cached anyway, so we
only end up decrementing its reference count without actually freeing
its contents. But in some more exotic setups, where caching is disabled,
this can definitly be a problem, as we might be the only instance
currently holding a reference to this object.

Fix this issue by first extracting the contents and freeing the object
afterwards only.
This commit is contained in:
Patrick Steinhardt 2017-02-13 13:46:17 +01:00
parent dc851d9eae
commit ade0d9c658
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/commit.c
View File

@ -766,8 +766,9 @@ int git_commit_extract_signature(git_buf *signature, git_buf *signed_data, git_r
if (git_buf_oom(signature))
goto oom;
error = git_buf_puts(signed_data, eol+1);
git_odb_object_free(obj);
return git_buf_puts(signed_data, eol+1);
return error;
}
giterr_set(GITERR_OBJECT, "this commit is not signed");