debuginfod-client.c: Avoid freeing uninitialized value

debuginfod_validate_imasig might call free on an uninitialized sig_buf due to a goto that can occur before sig_buf is set to NULL. Fix this by setting sig_buf to NULL before the goto. Signed-off-by: Aaron Merey <[email protected]>
author: Aaron Merey <[email protected]> 2025-01-24 19:43:19 -0500
committer: Aaron Merey <[email protected]> 2025-01-24 19:43:19 -0500
commit: 1be0787d6654ed71bf659e8bfd34895fea7589eb (patch)
tree: 13a5635af2ddacfa96babce2e8935fdfafa77f5c /debuginfod
parent: 4eff110a60cb9c7b77884c61f5925fe844c52acb (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index deff19ff..d89beae9 100644
--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -1587,6 +1587,7 @@ debuginfod_validate_imasig (debuginfod_client *c, int fd)
 {
   int rc = ENOSYS;
 
+    char* sig_buf = NULL;
     EVP_MD_CTX *ctx = NULL;
     if (!c || !c->winning_headers)
     {
@@ -1594,7 +1595,6 @@ debuginfod_validate_imasig (debuginfod_client *c, int fd)
       goto exit_validate;
     }
     // Extract the HEX IMA-signature from the header
-    char* sig_buf = NULL;
     char* hdr_ima_sig = strcasestr(c->winning_headers, "x-debuginfod-imasignature");
     if (!hdr_ima_sig || 1 != sscanf(hdr_ima_sig + strlen("x-debuginfod-imasignature:"), "%ms", &sig_buf))
     {
author	Aaron Merey <[email protected]>	2025-01-24 19:43:19 -0500
committer	Aaron Merey <[email protected]>	2025-01-24 19:43:19 -0500
commit	1be0787d6654ed71bf659e8bfd34895fea7589eb (patch)
tree	13a5635af2ddacfa96babce2e8935fdfafa77f5c /debuginfod
parent	4eff110a60cb9c7b77884c61f5925fe844c52acb (diff)