From 890cb959a9153152a7add29042c55b8a3d07e717 Mon Sep 17 00:00:00 2001
From: Enrico Joerns
Date: Tue, 1 Mar 2022 22:19:50 +0100
Subject: [PATCH] src/bundle: fix leaking digest and salt in check_bundle_payload()
The binary data returned by r_hex_decode() is not freed. Fix it.
Fixes coverity issue:
| CID 1445503 (#1 of 1): Resource leak (RESOURCE_LEAK)
| 23. leaked_storage: Variable root_digest going out of scope leaks the storage it points to.
---
 src/bundle.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/bundle.c b/src/bundle.c
index f505de175..f23a6958d 100644
--- a/src/bundle.c
+++ b/src/bundle.c
@@ -1756,8 +1756,8 @@ gboolean check_bundle_payload(RaucBundle *bundle, GError **error)
 g_error("plain bundles must be verified during signature check");
 } else if (bundle->manifest->bundle_format == R_MANIFEST_FORMAT_VERITY) {
 int bundlefd = g_file_descriptor_based_get_fd(G_FILE_DESCRIPTOR_BASED(bundle->stream));
- guint8 *root_digest = r_hex_decode(bundle->manifest->bundle_verity_hash, 32);
- guint8 *salt = r_hex_decode(bundle->manifest->bundle_verity_salt, 32);
+ g_autofree guint8 *root_digest = r_hex_decode(bundle->manifest->bundle_verity_hash, 32);
+ g_autofree guint8 *salt = r_hex_decode(bundle->manifest->bundle_verity_salt, 32);
 off_t combined_size = bundle->size;
 off_t data_size = bundle->size - bundle->manifest->bundle_verity_size;
 g_assert(root_digest);
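Review bot: The `g_assert(root_digest);` on the hunk's last line makes a failed `r_hex_decode()` of the manifest's `bundle_verity_hash` abort the process, and the check disappears entirely in a build that defines `G_DISABLE_ASSERT`, although this function already reports failures through `GError **error`. Unless the manifest parser is guaranteed to have rejected malformed or wrong-length hash and salt strings before this point (not visible here), a regular error return is safer, along the lines of `if (!root_digest || !salt) { /* set *error */ return FALSE; }`. With both pointers now `g_autofree`, that early return would not leak. Two things are worth confirming outside the hunk: that `r_hex_decode()` allocates with the GLib allocator, since `g_autofree` releases with `g_free()`, and that neither buffer is handed to code that keeps or frees it. The body of check_bundle_payload() starts and ends outside the hunk, so whether `salt` gets an equivalent check cannot be seen from here.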