cache_lock: do xstrdup/free on lockfile
Since fmt() uses 8 alternating static buffers, and cache_lock might call cache_create_dirs() multiple times, which in turn might call fmt() twice, after four iterations lockfile would be overwritten by a cachedirectory path. In worst case, this could cause the cachedirectory to be unlinked and replaced by a cachefile. Fix: use xstrdup() on the result from fmt() before assigning to lockfile, and call free(lockfile) before exit. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This commit is contained in:
parent
fbaf1171b4
commit
58d04f6523
3
cache.c
3
cache.c
@ -74,7 +74,7 @@ int cache_refill_overdue(const char *lockfile)
|
|||||||
int cache_lock(struct cacheitem *item)
|
int cache_lock(struct cacheitem *item)
|
||||||
{
|
{
|
||||||
int i = 0;
|
int i = 0;
|
||||||
char *lockfile = fmt("%s.lock", item->name);
|
char *lockfile = xstrdup(fmt("%s.lock", item->name));
|
||||||
|
|
||||||
top:
|
top:
|
||||||
if (++i > cgit_max_lock_attempts)
|
if (++i > cgit_max_lock_attempts)
|
||||||
@ -90,6 +90,7 @@ int cache_lock(struct cacheitem *item)
|
|||||||
cache_refill_overdue(lockfile) && !unlink(lockfile))
|
cache_refill_overdue(lockfile) && !unlink(lockfile))
|
||||||
goto top;
|
goto top;
|
||||||
|
|
||||||
|
free(lockfile);
|
||||||
return (item->fd > 0);
|
return (item->fd > 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user