ostree-sign.ed25519/spki: Fix double free in set_sk()

When the gvariant is G_VARIANT_TYPE_BYTESTRING we need to duplicate
the data we get from g_variant_get_fixed_array(), otherwise we will
double-free it when we later free sign->secret_key.

diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c
index b7718880e5fdb2ca08ab2ccdfc5cfc1f44d8fbc3..e51080986ae3af108e6f39993ecb35ff46196b78 100644 (file)
--- a/src/libostree/ostree-sign-ed25519.c
+++ b/src/libostree/ostree-sign-ed25519.c
@@ -367,8 +367,8 @@ ostree_sign_ed25519_set_sk (OstreeSign *self, GVariant *secret_key, GError **err
     }
   else if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_BYTESTRING))
     {
-      secret_key_buf
-          = (guchar *)g_variant_get_fixed_array (secret_key, &n_elements, sizeof (guchar));
+      const guchar *data = g_variant_get_fixed_array (secret_key, &n_elements, sizeof (guchar));
+      secret_key_buf = g_memdup (data, n_elements);
     }
   else
     {

diff --git a/src/libostree/ostree-sign-spki.c b/src/libostree/ostree-sign-spki.c
index 5ad81da3993fbe198ccdab3906d51fa0e7d42beb..9a268325251385d019ffff5646a552f61b6b8d9b 100644 (file)
--- a/src/libostree/ostree-sign-spki.c
+++ b/src/libostree/ostree-sign-spki.c
@@ -343,8 +343,8 @@ ostree_sign_spki_set_sk (OstreeSign *self, GVariant *secret_key, GError **error)
     }
   else if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_BYTESTRING))
     {
-      secret_key_buf
-          = (guchar *)g_variant_get_fixed_array (secret_key, &n_elements, sizeof (guchar));
+      const guchar *data = g_variant_get_fixed_array (secret_key, &n_elements, sizeof (guchar));
+      secret_key_buf = g_memdup (data, n_elements);
     }
   else
     {