"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From:
Omar Polo <op@omarpolo.com>
Subject:
plug leak in got_fetch_pack error path
To:
gameoftrees@openbsd.org
Date:
Sat, 08 Jul 2023 19:59:43 +0200

Download raw body.

Thread
as per subject, set err and goto done instead of an early return.

diff /tmp/got
commit - 4b3827cd43394b89d2af822dcd1d9a9179c1ee10
path + /tmp/got
blob - 15eea55419c93fd724e16e8904ae2506a727a5e2
file + lib/fetch.c
--- lib/fetch.c
+++ lib/fetch.c
@@ -401,13 +401,17 @@ got_fetch_pack(struct got_object_id **pack_hash, struc
 		}
 		nobj = be32toh(pack_hdr.nobjects);
 		if (nobj == 0 &&
-		    packfile_size > ssizeof(pack_hdr) + SHA1_DIGEST_LENGTH)
-			return got_error_msg(GOT_ERR_BAD_PACKFILE,
+		    packfile_size > ssizeof(pack_hdr) + SHA1_DIGEST_LENGTH) {
+			err = got_error_msg(GOT_ERR_BAD_PACKFILE,
 			    "bad pack file with zero objects");
+			goto done;
+		}
 		if (nobj != 0 &&
-		    packfile_size <= ssizeof(pack_hdr) + SHA1_DIGEST_LENGTH)
-			return got_error_msg(GOT_ERR_BAD_PACKFILE,
+		    packfile_size <= ssizeof(pack_hdr) + SHA1_DIGEST_LENGTH) {
+			err = got_error_msg(GOT_ERR_BAD_PACKFILE,
 			    "empty pack file with non-zero object count");
+			goto done;
+		}
 	}
 
 	/*