src/bundle: fix leaking digest and salt in check_bundle_payload()

The binary data returned by r_hex_decode() is not freed. Fix it. Fixes coverity issue: | CID 1445503 (#1 of 1): Resource leak (RESOURCE_LEAK) | 23. leaked_storage: Variable root_digest going out of scope leaks the storage it points to.
ejoerns · Mar 2, 2022 · a75494a · a75494a
1 parent 8e4bc16
commit a75494a
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/bundle.c b/src/bundle.c
@@ -1720,8 +1720,8 @@ gboolean check_bundle_payload(RaucBundle *bundle, GError **error)
 		g_error("plain bundles must be verified during signature check");
 	} else if (bundle->manifest->bundle_format == R_MANIFEST_FORMAT_VERITY) {
 		int bundlefd = g_file_descriptor_based_get_fd(G_FILE_DESCRIPTOR_BASED(bundle->stream));
-		guint8 *root_digest = r_hex_decode(bundle->manifest->bundle_verity_hash, 32);
-		guint8 *salt = r_hex_decode(bundle->manifest->bundle_verity_salt, 32);
+		g_autofree guint8 *root_digest = r_hex_decode(bundle->manifest->bundle_verity_hash, 32);
+		g_autofree guint8 *salt = r_hex_decode(bundle->manifest->bundle_verity_salt, 32);
 		off_t combined_size = bundle->size;
 		off_t data_size = bundle->size - bundle->manifest->bundle_verity_size;
 		g_assert(root_digest);