From 4e42790818d811c80b64fcdc5608755d5dcac43e Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Fri, 26 Sep 2025 15:12:16 +0200
Subject: [PATCH] ostree-sign.ed25519/spki: Fix double free in set_sk()

When the gvariant is G_VARIANT_TYPE_BYTESTRING we need to duplicate
the data we get from g_variant_get_fixed_array(), otherwise we will
double-free it when we later free sign->secret_key.
---
 src/libostree/ostree-sign-ed25519.c | 4 ++--
 src/libostree/ostree-sign-spki.c    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c
index b7718880..e5108098 100644
--- a/src/libostree/ostree-sign-ed25519.c
+++ b/src/libostree/ostree-sign-ed25519.c
@@ -367,8 +367,8 @@ ostree_sign_ed25519_set_sk (OstreeSign *self, GVariant *secret_key, GError **err
     }
   else if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_BYTESTRING))
     {
-      secret_key_buf
-          = (guchar *)g_variant_get_fixed_array (secret_key, &n_elements, sizeof (guchar));
+      const guchar *data = g_variant_get_fixed_array (secret_key, &n_elements, sizeof (guchar));
+      secret_key_buf = g_memdup (data, n_elements);
     }
   else
     {
diff --git a/src/libostree/ostree-sign-spki.c b/src/libostree/ostree-sign-spki.c
index 5ad81da3..9a268325 100644
--- a/src/libostree/ostree-sign-spki.c
+++ b/src/libostree/ostree-sign-spki.c
@@ -343,8 +343,8 @@ ostree_sign_spki_set_sk (OstreeSign *self, GVariant *secret_key, GError **error)
     }
   else if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_BYTESTRING))
     {
-      secret_key_buf
-          = (guchar *)g_variant_get_fixed_array (secret_key, &n_elements, sizeof (guchar));
+      const guchar *data = g_variant_get_fixed_array (secret_key, &n_elements, sizeof (guchar));
+      secret_key_buf = g_memdup (data, n_elements);
     }
   else
     {
-- 
2.30.2