From 1be0787d6654ed71bf659e8bfd34895fea7589eb Mon Sep 17 00:00:00 2001
From: Aaron Merey <amerey@redhat.com>
Date: Fri, 24 Jan 2025 19:43:19 -0500
Subject: [PATCH] debuginfod-client.c: Avoid freeing uninitialized value
debuginfod_validate_imasig might call free on an uninitialized sig_buf
due to a goto that can occur before sig_buf is set to NULL.
Fix this by setting sig_buf to NULL before the goto.
Signed-off-by: Aaron Merey <amerey@redhat.com>
---
debuginfod/debuginfod-client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index deff19ff..d89beae9 100644
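--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -1587,6 +1587,7 @@ debuginfod_validate_imasig (debuginfod_client *c, int fd)
 {
 int rc = ENOSYS;
 
+ char* sig_buf = NULL;
 EVP_MD_CTX *ctx = NULL;
 if (!c || !c->winning_headers)
 {
@@ -1594,7 +1595,6 @@ debuginfod_validate_imasig (debuginfod_client *c, int fd)
 goto exit_validate;
 }
 // Extract the HEX IMA-signature from the header
- char* sig_buf = NULL;
 char* hdr_ima_sig = strcasestr(c->winning_headers, "x-debuginfod-imasignature");
 if (!hdr_ima_sig || 1 != sscanf(hdr_ima_sig + strlen("x-debuginfod-imasignature:"), "%ms", &sig_buf))
 {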
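Review bot: The header lookup on the new side searches `c->winning_headers` for `"x-debuginfod-imasignature"` without the colon, but then advances by `strlen("x-debuginfod-imasignature:")`, one byte more than what was matched. If the match sits at the very end of the buffer, `sscanf` starts one byte past the terminating NUL, and if the name appears inside another header's value it parses unrelated text. Since these headers presumably come from the remote server, matching the name together with its colon, `strcasestr(c->winning_headers, "x-debuginfod-imasignature:")`, would keep the offset inside the matched text. The commit's own fix covers `sig_buf`, but the `exit_validate` label and the rest of the function are outside the hunk, so it is worth confirming that no other pointer released there is declared after the first `goto` (GCC's `-Wjump-misses-init` reports that pattern).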
--
2.48.1