From: Christian Weisgerber Subject: Minor memory leak in dial_git() To: gameoftrees@openbsd.org Date: Fri, 28 May 2021 22:22:24 +0200 The sequence asprintf(&pkt, ...) write(..., pkt, ...) asprintf(&pkt, ...) write(..., pkt, ...) in dial_git() leaks a buffer. We could insert a free(pkt), but I think it's simpler and clearer to create the packet in a single asprintf(). This partially reverts commit 4312a498. ok? diff 91b40e30e0dbff0c8a1546a02fb784fa8007a91b /home/naddy/got blob - b581bbe3e8fc97d4d3215bc948d761fa9c4135e9 file + lib/fetch.c --- lib/fetch.c +++ lib/fetch.c @@ -157,7 +157,7 @@ dial_git(int *fetchfd, const char *host, const char *p const struct got_error *err = NULL; struct addrinfo hints, *servinfo, *p; char *cmd = NULL, *pkt = NULL; - int fd = -1, totlen, r, eaicode; + int fd = -1, len, r, eaicode; *fetchfd = -1; @@ -193,25 +193,14 @@ dial_git(int *fetchfd, const char *host, const char *p err = got_error_from_errno("asprintf"); goto done; } - totlen = 4 + strlen(cmd) + 1 + strlen("host=") + strlen(host) + 1; - if (asprintf(&pkt, "%04x%s", totlen, cmd) == -1) { + len = 4 + strlen(cmd) + 1 + strlen("host=") + strlen(host) + 1; + if (asprintf(&pkt, "%04x%s%chost=%s", len, cmd, '\0', host) == -1) { err = got_error_from_errno("asprintf"); goto done; } - r = write(fd, pkt, strlen(pkt) + 1); - if (r == -1) { + r = write(fd, pkt, len); + if (r == -1) err = got_error_from_errno("write"); - goto done; - } - if (asprintf(&pkt, "host=%s", host) == -1) { - err = got_error_from_errno("asprintf"); - goto done; - } - r = write(fd, pkt, strlen(pkt) + 1); - if (r == -1) { - err = got_error_from_errno("write"); - goto done; - } done: free(cmd); free(pkt); -- Christian "naddy" Weisgerber naddy@mips.inka.de