Commit ade0d9c6 by Patrick Steinhardt

commit: avoid possible use-after-free

When extracting a commit's signature, we first free the object and only
afterwards put its signature contents into the result buffer. This works
in most cases - the free'd object will normally be cached anyway, so we
only end up decrementing its reference count without actually freeing
its contents. But in some more exotic setups, where caching is disabled,
this can definitely be a problem, as we might be the only instance
currently holding a reference to this object.

Fix this issue by first extracting the contents and freeing the object
afterwards only.
parent dc851d9e
...@@ -766,8 +766,9 @@ int git_commit_extract_signature(git_buf *signature, git_buf *signed_data, git_r ...@@ -766,8 +766,9 @@ int git_commit_extract_signature(git_buf *signature, git_buf *signed_data, git_r
if (git_buf_oom(signature)) if (git_buf_oom(signature))
goto oom; goto oom;
error = git_buf_puts(signed_data, eol+1);
git_odb_object_free(obj); git_odb_object_free(obj);
return git_buf_puts(signed_data, eol+1); return error;
} }
giterr_set(GITERR_OBJECT, "this commit is not signed"); giterr_set(GITERR_OBJECT, "this commit is not signed");
......
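Review bot: the reordered `error = git_buf_puts(signed_data, eol+1);` line carries no comment explaining why it has to come before `git_odb_object_free(obj);`, so a later cleanup could fold it back into the `return` and reintroduce the bug. Going by the commit message, the data read through `eol+1` belongs to `obj`, and a one-line comment above the copy saying so would record that ordering constraint. Two things the hunk does not show are also worth confirming: that `error` is already declared in this function, and that the `goto oom;` path just above releases `obj` only after the last read of its contents.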