The code was set up so that it would free the individual items and the data
in `freeListData`, but there was already a Go `defer` to free the data item,
resulting in a double free.
Remove the `free` in `freeListData` and leave the original one.
In addition, move the `defer` for freeing the list data before the error
check, so that the data is also free in the error case. This just removes
a minor leak.
This vulnerability was discovered by:
Jasiel Spelman of Trend Micro Zero Day Initiative and Trend Micro Team Nebula
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
* fetch credentials for server with matching hostname if scheme, path, or port are not provided
* if the credential request includes specific scheme, path, or port that does not match entry, don't return
* extract url helpers into a package
Signed-off-by: Emily Casey <ecasey@pivotal.io>
Signed-off-by: Danny Joyce <djoyce@pivotal.io>
* Fix storing URLs without scheme
If secrets are stored without specifying a scheme
(https://), the keychain-helper would interpret the
hostname as _path_, causing lookup of secrets to fail.
This patch makes sure that a scheme is added (if missing).
If no scheme is specified, https:// is used as a default.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Have pre go1.8 compiler able to compile
Signed-off-by: Tibor Vass <teabee89@gmail.com>
* Fix URL parsing with port and no scheme
Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>
* Improve parseURL comment
Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>
This is a simplification of how the docker engine implements
this feature, but it will be ported there once this is merged.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Sebastiaan van Stijn