Commit 21f77af92ccf00ceb91b2d12f2653ff7420f146c

Carlos Martín Nieto 2017-07-12T07:40:16

signature: don't leave a dangling pointer to the strings on parse failure

If the signature is invalid but we detect that after allocating the strings, we free them. We however leave that pointer dangling in the structure the caller gave us, which can lead to double-free. Set these pointers to `NULL` after freeing their memory to avoid this.

diff --git a/src/signature.c b/src/signature.c
index a56b8a2..25e0ee7 100644
--- a/src/signature.c
+++ b/src/signature.c
@@ -231,6 +231,7 @@ int git_signature__parse(git_signature *sig, const char **buffer_out,
 		if (git__strtol64(&sig->when.time, time_start, &time_end, 10) < 0) {
 			git__free(sig->name);
 			git__free(sig->email);
+			sig->name = sig->email = NULL;
 			return signature_error("invalid Unix timestamp");
 		}
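Review bot: The NULL reset after the two git__free calls is applied only on the "invalid Unix timestamp" return, and the diff shown touches only src/signature.c, so nothing here exercises that path. Consider adding a regression test that parses a signature whose timestamp makes git__strtol64 fail and asserts that sig->name and sig->email are both NULL on return, so a later free by the caller is harmless. It is also worth confirming that any other error return in git_signature__parse reached after the strings are allocated leaves the caller's structure in the same state; routing those returns through one shared cleanup path would keep them from drifting apart.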