signature: don't leave a dangling pointer to the strings on parse failure

carlosmn · carlosmn · commit d1dbb3ae67c1 · 2017-07-12T07:41:37.000+02:00
If the signature is invalid but we detect that after allocating the strings, we
free them. We however leave that pointer dangling in the structure the caller
gave us, which can lead to double-free.

Set these pointers to `NULL` after freeing their memory to avoid this.
diff --git a/src/signature.c b/src/signature.c
@@ -231,6 +231,7 @@ int git_signature__parse(git_signature *sig, const char **buffer_out,
 		if (git__strtol64(&sig->when.time, time_start, &time_end, 10) < 0) {
 			git__free(sig->name);
 			git__free(sig->email);
+			sig->name = sig->email = NULL;
 			return signature_error("invalid Unix timestamp");
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -231,6 +231,7 @@ int git_signature__parse(git_signature sig, const char *buffer_out,`
`231`	`231`	`if (git__strtol64(&sig->when.time, time_start, &time_end, 10) < 0) {`
`232`	`232`	`git__free(sig->name);`
`233`	`233`	`git__free(sig->email);`
	`234`	`+ sig->name = sig->email = NULL;`
`234`	`235`	`return signature_error("invalid Unix timestamp");`
`235`	`236`	`}`
`236`	`237`