| author | Lars Hjemli <hjemli@gmail.com> | 2006-12-12 09:16:41 (UTC) |
|---|---|---|
| committer | Lars Hjemli <hjemli@gmail.com> | 2006-12-12 09:16:41 (UTC) |
| commit | 58d04f6523b0029281d65f841859fa42d0c744ff (patch) (side-by-side diff) | |
| tree | ed52e95047ccbb99152f7d3f009e57687e6452f1 | |
| parent | fbaf1171b4e343929dd43ecac7cd9d1c692b84ec (diff) | |
| download | cgit-58d04f6523b0029281d65f841859fa42d0c744ff.zip cgit-58d04f6523b0029281d65f841859fa42d0c744ff.tar.gz cgit-58d04f6523b0029281d65f841859fa42d0c744ff.tar.bz2 | |
cache_lock: do xstrdup/free on lockfile
Since fmt() uses 8 alternating static buffers, and cache_lock might call
cache_create_dirs() multiple times, which in turn might call fmt() twice,
after four iterations lockfile would be overwritten by a cachedirectory
path.
In worst case, this could cause the cachedirectory to be unlinked and replaced
by a cachefile.
Fix: use xstrdup() on the result from fmt() before assigning to lockfile, and
call free(lockfile) before exit.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| -rw-r--r-- | cache.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -71,13 +71,13 @@ int cache_refill_overdue(const char *lockfile) return (time(NULL) - st.st_mtime > cgit_cache_max_create_time); } int cache_lock(struct cacheitem *item) { int i = 0; - char *lockfile = fmt("%s.lock", item->name); + char *lockfile = xstrdup(fmt("%s.lock", item->name)); top: if (++i > cgit_max_lock_attempts) die("cache_lock: unable to lock %s: %s", item->name, strerror(errno)); @@ -87,12 +87,13 @@ int cache_lock(struct cacheitem *item) goto top; if (item->fd == NOLOCK && errno == EEXIST && cache_refill_overdue(lockfile) && !unlink(lockfile)) goto top; + free(lockfile); return (item->fd > 0); } int cache_unlock(struct cacheitem *item) { close(item->fd); |