http: clean up leak in init_curl_http_auth

When we have a credential to give to curl, we must copy it
into a "user:pass" buffer and then hand the buffer to curl.
Old versions of curl did not copy the buffer, and we were
expected to keep it valid. Newer versions of curl will copy
the buffer.

Our solution was to use a strbuf and detach it, giving
ownership of the resulting buffer to curl. However, this
meant that we were leaking the buffer on newer versions of
curl, since curl was just copying it and throwing away the
string we passed. Furthermore, when we replaced a
credential (e.g., because our original one was rejected), we
were also leaking on both old and new versions of curl.

This got even worse in the last patch, which started
replacing the credential (and thus leaking) on every http
request.

Instead, let's use a static buffer to make the ownership
more clear and less leaky.  We already keep a static "struct
credential", so we are only handling a single credential at
a time, anyway.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/http.c b/http.c
index c6dc9b778ed0dd10e710b742b7fe9df147cb2954..eaf7f40d134d83309d0b0e464dd60eec4dae50dd 100644 (file)
--- a/http.c
+++ b/http.c
@@ -211,12 +211,12 @@ static int http_options(const char *var, const char *value, void *cb)
 static void init_curl_http_auth(CURL *result)
 {
        if (http_auth.username) {
-               struct strbuf up = STRBUF_INIT;
+               static struct strbuf up = STRBUF_INIT;
                credential_fill(&http_auth);
+               strbuf_reset(&up);
                strbuf_addf(&up, "%s:%s",
                            http_auth.username, http_auth.password);
-               curl_easy_setopt(result, CURLOPT_USERPWD,
-                                strbuf_detach(&up, NULL));
+               curl_easy_setopt(result, CURLOPT_USERPWD, up.buf);
        }
 }