aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorLars Hjemli2006-12-12 10:16:41 +0100
committerLars Hjemli2006-12-12 10:16:41 +0100
commit58d04f6523b0029281d65f841859fa42d0c744ff (patch)
treeed52e95047ccbb99152f7d3f009e57687e6452f1
parentfbaf1171b4e343929dd43ecac7cd9d1c692b84ec (diff)
downloadcgit-58d04f6523b0029281d65f841859fa42d0c744ff.tar
cgit-58d04f6523b0029281d65f841859fa42d0c744ff.tar.gz
cgit-58d04f6523b0029281d65f841859fa42d0c744ff.zip
cache_lock: do xstrdup/free on lockfile
Since fmt() uses 8 alternating static buffers, and cache_lock might call cache_create_dirs() multiple times, which in turn might call fmt() twice, after four iterations lockfile would be overwritten by a cachedirectory path. In worst case, this could cause the cachedirectory to be unlinked and replaced by a cachefile. Fix: use xstrdup() on the result from fmt() before assigning to lockfile, and call free(lockfile) before exit. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
-rw-r--r--cache.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/cache.c b/cache.c
index b947a34..39e63a5 100644
--- a/cache.c
+++ b/cache.c
@@ -74,7 +74,7 @@ int cache_refill_overdue(const char *lockfile)
int cache_lock(struct cacheitem *item)
{
int i = 0;
- char *lockfile = fmt("%s.lock", item->name);
+ char *lockfile = xstrdup(fmt("%s.lock", item->name));
top:
if (++i > cgit_max_lock_attempts)
@@ -90,6 +90,7 @@ int cache_lock(struct cacheitem *item)
cache_refill_overdue(lockfile) && !unlink(lockfile))
goto top;
+ free(lockfile);
return (item->fd > 0);
}