cache_lock: do xstrdup/free on lockfile

Since fmt() uses 8 alternating static buffers, and cache_lock might call
cache_create_dirs() multiple times, which in turn might call fmt() twice,
after four iterations lockfile would be overwritten by a cachedirectory
path.

In worst case, this could cause the cachedirectory to be unlinked and replaced
by a cachefile.

Fix: use xstrdup() on the result from fmt() before assigning to lockfile, and
call free(lockfile) before exit.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This commit is contained in:
Lars Hjemli 2006-12-12 10:16:41 +01:00
parent fbaf1171b4
commit 58d04f6523

View File

@ -74,7 +74,7 @@ int cache_refill_overdue(const char *lockfile)
int cache_lock(struct cacheitem *item) int cache_lock(struct cacheitem *item)
{ {
int i = 0; int i = 0;
char *lockfile = fmt("%s.lock", item->name); char *lockfile = xstrdup(fmt("%s.lock", item->name));
top: top:
if (++i > cgit_max_lock_attempts) if (++i > cgit_max_lock_attempts)
@ -90,6 +90,7 @@ int cache_lock(struct cacheitem *item)
cache_refill_overdue(lockfile) && !unlink(lockfile)) cache_refill_overdue(lockfile) && !unlink(lockfile))
goto top; goto top;
free(lockfile);
return (item->fd > 0); return (item->fd > 0);
} }