[ostree] pull: Fix use-after-free
- From: Colin Walters <walters src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [ostree] pull: Fix use-after-free
- Date: Thu, 21 Aug 2014 17:59:12 +0000 (UTC)
commit 6dfe99a283e9327b70f636cf82da3fa439576645
Author: Anne LoVerso <aelv13 gmail com>
Date: Thu Aug 21 13:45:55 2014 -0400
pull: Fix use-after-free
The strchr() was pointing into a string we were freeing.
src/libostree/ostree-repo-pull.c | 13 ++++++-------
1 files changed, 6 insertions(+), 7 deletions(-)
---
diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index 7c85ccd..0ad9157 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -441,23 +441,22 @@ scan_dirtree_object (OtPullData *pull_data,
{
const char *subpath = NULL;
const char *nextslash = NULL;
+ gs_free char *dir_data = NULL;
+
g_assert (pull_data->dir[0] == '/'); // assert it starts with / like "/usr/share/rpm"
subpath = pull_data->dir + 1; // refers to name minus / like "usr/share/rpm"
nextslash = strchr (subpath, '/'); //refers to start of next slash like "/share/rpm"
+ dir_data = pull_data->dir; // keep the original pointer around since strchr() points into it
+ pull_data->dir = NULL;
if (nextslash)
{
subdir_target = g_strndup (subpath, nextslash - subpath); // refers to first dir, like "usr"
- g_free (pull_data->dir);
pull_data->dir = g_strdup (nextslash); // sets dir to new deeper level like "/share/rpm"
}
else // we're as deep as it goes, i.e. subpath = "rpm"
- {
- subdir_target = g_strdup (subpath);
- g_clear_pointer (&pull_data->dir, g_free);
- pull_data->dir = NULL;
- }
- }
+ subdir_target = g_strdup (subpath);
+ }
n = g_variant_n_children (dirs_variant);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]