Re: Ownership handling of the "remote name" buffer given to `remote_get` is inconsistent

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jun 20, 2024 at 04:53:11AM +0900, Mike Hommey wrote:

> When you call `remote_get(name)`, you may end up giving ownership of
> `name` to the remote, such that if you `free(name)`, using the remote
> after that may lead to use-after-free. Of course, this is a
> use-libgit-as-a-library situation; I don't think it happens in actual
> git code.

Try this recent series:

  https://lore.kernel.org/git/20240614102439.GA222287@xxxxxxxxxxxxxxxxxxxxxxx/

especially patches 2 and 3. Junio has it queued as jk/remote-wo-url.
Also, you might want to check the later patches to make sure the
cleanups don't cause any problems for your use case.

-Peff




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux