From: Jeff King Date: Mon, 18 Oct 2021 17:15:37 +0000 (-0400) Subject: gpg-interface: fix leak of strbufs in get_ssh_key_fingerprint() X-Git-Tag: v2.34.0-rc0~34^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f3af71c947cdf2e5acd16cacf50586b829a68f6e;p=thirdparty%2Fgit.git gpg-interface: fix leak of strbufs in get_ssh_key_fingerprint() We read stdout from gpg into a strbuf, then split it into a list of strbufs, pull out one element, and return it. But we don't free either the original stdout buffer, nor the list returned from strbuf_split(). This patch fixes both. Note that we have to detach the returned string from its strbuf before calling strbuf_list_free(), as that would otherwise throw it away. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- diff --git a/gpg-interface.c b/gpg-interface.c index c60b9cd19d..800d8caa67 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -711,6 +711,7 @@ static char *get_ssh_key_fingerprint(const char *signing_key) int ret = -1; struct strbuf fingerprint_stdout = STRBUF_INIT; struct strbuf **fingerprint; + char *fingerprint_ret; /* * With SSH Signing this can contain a filename or a public key @@ -737,7 +738,10 @@ static char *get_ssh_key_fingerprint(const char *signing_key) die_errno(_("failed to get the ssh fingerprint for key '%s'"), signing_key); - return strbuf_detach(fingerprint[1], NULL); + fingerprint_ret = strbuf_detach(fingerprint[1], NULL); + strbuf_list_free(fingerprint); + strbuf_release(&fingerprint_stdout); + return fingerprint_ret; } /* Returns the first public key from an ssh-agent to use for signing */