verify_signed_buffer: use tempfile object

We use git_mkstemp to create a temporary file, and try to
clean it up in all exit paths from the function. But that
misses any cases where we die by signal, or by calling die()
in a sub-function. In addition, we missed one of the exit
paths.

Let's convert to using a tempfile object, which handles the
hard cases for us, and add the missing cleanup call. Note
that we would not simply want to rely on program exit to
catch our missed cleanup, as this function may be called
many times in a single program (for the same reason, we use
a static tempfile instead of heap-allocating a new one; that
gives an upper bound on our memory usage).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Jeff King 2016-06-17 19:38:43 -04:00 коммит произвёл Junio C Hamano
Родитель c752fcc8e0
Коммит 4322353bfb
1 изменённых файлов: 13 добавлений и 8 удалений

Просмотреть файл

@ -3,6 +3,7 @@
#include "strbuf.h"
#include "gpg-interface.h"
#include "sigchain.h"
#include "tempfile.h"
static char *configured_signing_key;
static const char *gpg_program = "gpg";
@ -208,28 +209,32 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
struct strbuf *gpg_output, struct strbuf *gpg_status)
{
struct child_process gpg = CHILD_PROCESS_INIT;
char path[PATH_MAX];
static struct tempfile temp;
int fd, ret;
struct strbuf buf = STRBUF_INIT;
fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX");
fd = mks_tempfile_t(&temp, ".git_vtag_tmpXXXXXX");
if (fd < 0)
return error_errno(_("could not create temporary file '%s'"), path);
if (write_in_full(fd, signature, signature_size) < 0)
return error_errno(_("failed writing detached signature to '%s'"), path);
return error_errno(_("could not create temporary file"));
if (write_in_full(fd, signature, signature_size) < 0) {
error_errno(_("failed writing detached signature to '%s'"),
temp.filename.buf);
delete_tempfile(&temp);
return -1;
}
close(fd);
argv_array_pushl(&gpg.args,
gpg_program,
"--status-fd=1",
"--verify", path, "-",
"--verify", temp.filename.buf, "-",
NULL);
gpg.in = -1;
gpg.out = -1;
if (gpg_output)
gpg.err = -1;
if (start_command(&gpg)) {
unlink(path);
delete_tempfile(&temp);
return error(_("could not run gpg."));
}
@ -249,7 +254,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
ret = finish_command(&gpg);
sigchain_pop(SIGPIPE);
unlink_or_warn(path);
delete_tempfile(&temp);
ret |= !strstr(gpg_status->buf, "\n[GNUPG:] GOODSIG ");
strbuf_release(&buf); /* no matter it was used or not */