From: Stefan Sperling <stsp@stsp.name>
Subject: plug memleaks in got-fetch-pack and got-send-pack
To: gameoftrees@openbsd.org
Date: Thu, 7 Oct 2021 10:26:57 +0200

The id_str and refname results of got_gitproto_parse_refline()
were allocated with strdup(3) and must be freed during every
iteration of the loop which parses reflines, not just when the
current function exits.

ok?

diff a53105bc1dc8eafebe5163086c669a3b638435aa /home/stsp/src/got
blob - 171700f1fa26666e69adceb379ea1e594e5513d7
file + libexec/got-fetch-pack/got-fetch-pack.c
--- libexec/got-fetch-pack/got-fetch-pack.c
+++ libexec/got-fetch-pack/got-fetch-pack.c
@@ -377,6 +377,10 @@ fetch_pack(int fd, int packfd, uint8_t *pack_sha1,
 					break;
 				}
 			}
+			free(id_str);
+			id_str = NULL;
+			free(refname);
+			refname = NULL;
 			continue;
 		}
 		if (strstr(refname, "^{}")) {
@@ -384,6 +388,10 @@ fetch_pack(int fd, int packfd, uint8_t *pack_sha1,
 				fprintf(stderr, "%s: ignoring %s\n",
 				    getprogname(), refname);
 			}
+			free(id_str);
+			id_str = NULL;
+			free(refname);
+			refname = NULL;
 			continue;
 		}
 
@@ -401,6 +409,10 @@ fetch_pack(int fd, int packfd, uint8_t *pack_sha1,
 						    "%s: ignoring %s\n",
 						    getprogname(), refname);
 					}
+					free(id_str);
+					id_str = NULL;
+					free(refname);
+					refname = NULL;
 					continue;
 				}
 				found_branch = 1;
@@ -411,6 +423,10 @@ fetch_pack(int fd, int packfd, uint8_t *pack_sha1,
 						    "%s: ignoring %s\n",
 						    getprogname(), refname);
 					}
+					free(id_str);
+					id_str = NULL;
+					free(refname);
+					refname = NULL;
 					continue;
 				}
 				found_branch = 1;
@@ -427,6 +443,10 @@ fetch_pack(int fd, int packfd, uint8_t *pack_sha1,
 						    "%s: ignoring %s\n",
 						    getprogname(), refname);
 					}
+					free(id_str);
+					id_str = NULL;
+					free(refname);
+					refname = NULL;
 					continue;
 				}
 				found_branch = 1;
@@ -435,6 +455,10 @@ fetch_pack(int fd, int packfd, uint8_t *pack_sha1,
 					fprintf(stderr, "%s: ignoring %s\n",
 					    getprogname(), refname);
 				}
+				free(id_str);
+				id_str = NULL;
+				free(refname);
+				refname = NULL;
 				continue;
 			}
 		}
@@ -480,6 +504,10 @@ fetch_pack(int fd, int packfd, uint8_t *pack_sha1,
 			free(mine);
 		}
 		nref++;
+		free(id_str);
+		id_str = NULL;
+		free(refname);
+		refname = NULL;
 	}
 
 	if (list_refs_only)
blob - eb8f383cfa96ab51e90ae06602d44b10e2336430
file + libexec/got-send-pack/got-send-pack.c
--- libexec/got-send-pack/got-send-pack.c
+++ libexec/got-send-pack/got-send-pack.c
@@ -376,6 +376,10 @@ send_pack(int fd, struct got_pathlist_head *refs,
 				fprintf(stderr, "%s: ignoring %s\n",
 				    getprogname(), refname);
 			}
+			free(id_str);
+			id_str = NULL;
+			free(refname);
+			refname = NULL;
 			continue;
 		}