path: root/gpg-interface.c
diff options
authorJeff King <>2016-06-17 23:38:43 (GMT)
committerJunio C Hamano <>2016-06-18 00:03:56 (GMT)
commit4322353bfb53a83e6657af50603d3521ee9d7d0c (patch)
treeddfc44a7a1f337a93237d434473cc8b52b3effff /gpg-interface.c
parentc752fcc8e0df02c6b1bd4daec1d08f0f2bcca58a (diff)
verify_signed_buffer: use tempfile object
We use git_mkstemp to create a temporary file, and try to clean it up in all exit paths from the function. But that misses any cases where we die by signal, or by calling die() in a sub-function. In addition, we missed one of the exit paths. Let's convert to using a tempfile object, which handles the hard cases for us, and add the missing cleanup call. Note that we would not simply want to rely on program exit to catch our missed cleanup, as this function may be called many times in a single program (for the same reason, we use a static tempfile instead of heap-allocating a new one; that gives an upper bound on our memory usage). Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
Diffstat (limited to 'gpg-interface.c')
1 files changed, 13 insertions, 8 deletions
diff --git a/gpg-interface.c b/gpg-interface.c
index 216cad8..854c1e5 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -3,6 +3,7 @@
#include "strbuf.h"
#include "gpg-interface.h"
#include "sigchain.h"
+#include "tempfile.h"
static char *configured_signing_key;
static const char *gpg_program = "gpg";
@@ -208,28 +209,32 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
struct strbuf *gpg_output, struct strbuf *gpg_status)
struct child_process gpg = CHILD_PROCESS_INIT;
- char path[PATH_MAX];
+ static struct tempfile temp;
int fd, ret;
struct strbuf buf = STRBUF_INIT;
- fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX");
+ fd = mks_tempfile_t(&temp, ".git_vtag_tmpXXXXXX");
if (fd < 0)
- return error_errno(_("could not create temporary file '%s'"), path);
- if (write_in_full(fd, signature, signature_size) < 0)
- return error_errno(_("failed writing detached signature to '%s'"), path);
+ return error_errno(_("could not create temporary file"));
+ if (write_in_full(fd, signature, signature_size) < 0) {
+ error_errno(_("failed writing detached signature to '%s'"),
+ temp.filename.buf);
+ delete_tempfile(&temp);
+ return -1;
+ }
- "--verify", path, "-",
+ "--verify", temp.filename.buf, "-",
NULL); = -1;
gpg.out = -1;
if (gpg_output)
gpg.err = -1;
if (start_command(&gpg)) {
- unlink(path);
+ delete_tempfile(&temp);
return error(_("could not run gpg."));
@@ -249,7 +254,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
ret = finish_command(&gpg);
- unlink_or_warn(path);
+ delete_tempfile(&temp);
ret |= !strstr(gpg_status->buf, "\n[GNUPG:] GOODSIG ");
strbuf_release(&buf); /* no matter it was used or not */