From daede13571cd528b3cb054484a626d32326d3178 Mon Sep 17 00:00:00 2001 From: Berthold Stoeger Date: Fri, 12 Jan 2018 18:54:27 +0100 Subject: [PATCH] Fix leak(s) in core/git-access.c The libgit2 functions git_cred_ssh_key_new() and git_cred_userpass_plaintext_new() copy their arguments. Therefore, free the string arguments or don't copy them in the first place. Signed-off-by: Berthold Stoeger --- core/git-access.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/core/git-access.c b/core/git-access.c index 2503abce6..8a0b916e5 100644 --- a/core/git-access.c +++ b/core/git-access.c @@ -204,10 +204,12 @@ int credential_ssh_cb(git_cred **out, return GIT_EUSER; } - const char *priv_key = format_string("%s/%s", system_default_directory(), "ssrf_remote.key"); - const char *passphrase = prefs.cloud_storage_password ? strdup(prefs.cloud_storage_password) : strdup(""); + char *priv_key = format_string("%s/%s", system_default_directory(), "ssrf_remote.key"); + const char *passphrase = prefs.cloud_storage_password ? prefs.cloud_storage_password : ""; - return git_cred_ssh_key_new(out, username_from_url, NULL, priv_key, passphrase); + int res = git_cred_ssh_key_new(out, username_from_url, NULL, priv_key, passphrase); + free(priv_key); + return res; } int credential_https_cb(git_cred **out, @@ -228,7 +230,7 @@ int credential_https_cb(git_cred **out, } const char *username = prefs.cloud_storage_email_encoded; - const char *password = prefs.cloud_storage_password ? strdup(prefs.cloud_storage_password) : strdup(""); + const char *password = prefs.cloud_storage_password ? prefs.cloud_storage_password : ""; return git_cred_userpass_plaintext_new(out, username, password); }