all repos — cgit @ 58d04f6523b0029281d65f841859fa42d0c744ff

a hyperfast web frontend for git written in c 

cache_lock: do xstrdup/free on lockfile

Since fmt() uses 8 alternating static buffers, and cache_lock might call
cache_create_dirs() multiple times, which in turn might call fmt() twice,
after four iterations lockfile would be overwritten by a cachedirectory
path.

In worst case, this could cause the cachedirectory to be unlinked and replaced
by a cachefile.

Fix: use xstrdup() on the result from fmt() before assigning to lockfile, and
call free(lockfile) before exit.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Lars Hjemli hjemli@gmail.com
Tue, 12 Dec 2006 10:16:41 +0100
commit

58d04f6523b0029281d65f841859fa42d0c744ff

parent

fbaf1171b4e343929dd43ecac7cd9d1c692b84ec

1 files changed, 2 insertions(+), 1 deletions(-)

jump to
M cache.ccache.c 
@@ -74,7 +74,7 @@
 int cache_lock(struct cacheitem *item)
 {
 	int i = 0;
-	char *lockfile = fmt("%s.lock", item->name);
+	char *lockfile = xstrdup(fmt("%s.lock", item->name));
 
  top:
 	if (++i > cgit_max_lock_attempts)

@@ -90,6 +90,7 @@ if (item->fd == NOLOCK && errno == EEXIST &&
 	    cache_refill_overdue(lockfile) && !unlink(lockfile))
 			goto top;
 
+	free(lockfile);
 	return (item->fd > 0);
 }