mirror of
https://github.com/docker/docker-credential-helpers.git
synced 2026-06-13 16:01:28 +05:30
Fix a double free in the List functions
The code was set up so that it would free the individual items and the data in `freeListData`, but there was already a Go `defer` to free the data item, resulting in a double free. Remove the `free` in `freeListData` and leave the original one. In addition, move the `defer` for freeing the list data before the error check, so that the data is also freed in the error case. This just removes a minor leak. This vulnerability was discovered by: Jasiel Spelman of Trend Micro Zero Day Initiative and Trend Micro Team Nebula Signed-off-by: Justin Cormack <justin.cormack@docker.com>
@@ -224,5 +224,4 @@ void freeListData(char *** data, unsigned int length) {
|
|||||||
for(int i=0; i<length; i++) {
|
for(int i=0; i<length; i++) {
|
||||||
free((*data)[i]);
|
free((*data)[i]);
|
||||||
}
|
}
|
||||||
free(*data);
|
|
||||||
}
|
}
|
||||||
|
|||||||
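Review bot: After this change `freeListData` releases only the individual strings and leaves `*data` allocated, which the name no longer conveys and no comment records; a line such as `/* Frees the length strings in *data; the array itself remains owned by the caller. */` above the function would document the new ownership split. The commit description says the Go callers now defer this function before the error check, so it can run after a failed list call; whether `*data` is non-NULL and `length` is consistent on that path depends on the list function, which is not shown, and a guard `if (data == NULL || *data == NULL) return;` before the loop would make it safe either way. The identical hunk at `@@ -158,5 +158,4 @@` (the second `freeListData`) needs the same comment and guard. The function's opening lines lie outside the hunk.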
@@ -109,6 +109,8 @@ func (h Osxkeychain) List() (map[string]string, error) {
|
|||||||
defer C.free(unsafe.Pointer(acctsC))
|
defer C.free(unsafe.Pointer(acctsC))
|
||||||
var listLenC C.uint
|
var listLenC C.uint
|
||||||
errMsg := C.keychain_list(credsLabelC, &pathsC, &acctsC, &listLenC)
|
errMsg := C.keychain_list(credsLabelC, &pathsC, &acctsC, &listLenC)
|
||||||
|
defer C.freeListData(&pathsC, listLenC)
|
||||||
|
defer C.freeListData(&acctsC, listLenC)
|
||||||
if errMsg != nil {
|
if errMsg != nil {
|
||||||
defer C.free(unsafe.Pointer(errMsg))
|
defer C.free(unsafe.Pointer(errMsg))
|
||||||
goMsg := C.GoString(errMsg)
|
goMsg := C.GoString(errMsg)
|
||||||
@@ -119,9 +121,6 @@ func (h Osxkeychain) List() (map[string]string, error) {
|
|||||||
return nil, errors.New(goMsg)
|
return nil, errors.New(goMsg)
|
||||||
}
|
}
|
||||||
|
|
||||||
defer C.freeListData(&pathsC, listLenC)
|
|
||||||
defer C.freeListData(&acctsC, listLenC)
|
|
||||||
|
|
||||||
var listLen int
|
var listLen int
|
||||||
listLen = int(listLenC)
|
listLen = int(listLenC)
|
||||||
pathTmp := (*[1 << 30]*C.char)(unsafe.Pointer(pathsC))[:listLen:listLen]
|
pathTmp := (*[1 << 30]*C.char)(unsafe.Pointer(pathsC))[:listLen:listLen]
|
||||||
|
|||||||
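Review bot: The context line `defer C.free(unsafe.Pointer(acctsC))` sits before the `C.keychain_list(...)` call that fills `acctsC` through `&acctsC`, and Go evaluates a deferred call's arguments when the `defer` statement executes, so that free receives the pre-call pointer value rather than the array the C side hands back. With `free(*data)` now removed from `freeListData`, the outer arrays may never be released; the declarations of `pathsC` and `acctsC` are outside the hunk, so confirm what they hold at that point. Wrapping the call in a closure, `defer func() { C.free(unsafe.Pointer(acctsC)) }()` (and presumably the same for `pathsC`), would free the populated pointer exactly once, after the deferred `freeListData` calls have run. The same pattern appears in the `Secretservice.List` hunk around `C.list(...)`. `List`'s body starts and ends outside the hunks shown.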
@@ -158,5 +158,4 @@ void freeListData(char *** data, unsigned int length) {
|
|||||||
for(i=0; i<length; i++) {
|
for(i=0; i<length; i++) {
|
||||||
free((*data)[i]);
|
free((*data)[i]);
|
||||||
}
|
}
|
||||||
free(*data);
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -92,12 +92,12 @@ func (h Secretservice) List() (map[string]string, error) {
|
|||||||
defer C.free(unsafe.Pointer(acctsC))
|
defer C.free(unsafe.Pointer(acctsC))
|
||||||
var listLenC C.uint
|
var listLenC C.uint
|
||||||
err := C.list(credsLabelC, &pathsC, &acctsC, &listLenC)
|
err := C.list(credsLabelC, &pathsC, &acctsC, &listLenC)
|
||||||
|
defer C.freeListData(&pathsC, listLenC)
|
||||||
|
defer C.freeListData(&acctsC, listLenC)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
defer C.g_error_free(err)
|
defer C.g_error_free(err)
|
||||||
return nil, errors.New("Error from list function in secretservice_linux.c likely due to error in secretservice library")
|
return nil, errors.New("Error from list function in secretservice_linux.c likely due to error in secretservice library")
|
||||||
}
|
}
|
||||||
defer C.freeListData(&pathsC, listLenC)
|
|
||||||
defer C.freeListData(&acctsC, listLenC)
|
|
||||||
|
|
||||||
resp := make(map[string]string)
|
resp := make(map[string]string)
|
||||||
|
|
||||||
|
|||||||