thodg/libgit2

Browse

Commit 9f861826be17d1f3d4e34df1f4b2d4bd9aaec3b0

Oleg Andreev 2011-10-27T16:45:44

Fixed crash in config parser when empty value is encountered. Example: key1 = value1 key2 = In this config the value will be a bad pointer which config object will attempt to free() causing a crash. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

diff --git a/src/config_file.c b/src/config_file.c
index a85ae15..3540aae 100644
--- a/src/config_file.c
+++ b/src/config_file.c
@@ -1158,19 +1158,25 @@ static int parse_variable(diskfile_backend *cfg, char **var_name, char **var_val
 		while (isspace(value_start[0]))
 			value_start++;
 
-		if (value_start[0] == '\0')
+		if (value_start[0] == '\0') {
+			*var_value = NULL;
 			goto out;
+		}
 
 		if (is_multiline_var(value_start)) {
 			error = parse_multiline_variable(cfg, value_start, var_value);
-			if (error < GIT_SUCCESS)
+			if (error != GIT_SUCCESS)
+			{
+				*var_value = NULL;
 				free(*var_name);
+			}
 			goto out;
 		}
 
 		tmp = strdup(value_start);
 		if (tmp == NULL) {
 			free(*var_name);
+			*var_value = NULL;
 			error = GIT_ENOMEM;
 			goto out;
 		}
kmx.io     mail     discord kmxgit v0.4.0