On 04/23/14 23:01, Ted Unangst wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: [email protected] 2014/04/23 15:01:15
> Modified files:
> lib/libssl/src/ssl: kssl.c
> Log message:
> null pointers after free to prevent double frees and worse. also fix a
> very obvious use after free. this file may still be a total loss.

Looking at the code, this looks like an effort in being proactive:

    free(*princ);
    *princ = NULL;
    ... nothing about 'princ'...
    if ((*princ = calloc(1, length)) == NULL)
        return KSSL_CTX_ERR;

However, would that not rather risk hiding potential use-after-frees by
not exposing a second free() later on?

I can see the point in some code paths, where we later on cannot know
whether it's allocated or not, e.g.

    ptr = malloc(100);
    if (foo) goto cleanup;
    free(ptr);
    ptr = NULL;
    ...
cleanup:
    free(ptr);

but in general, I'm not convinced this is a good thing.

Or did I miss something here?

/Alexander
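
The trade-off raised in this thread, as an added example that is not part of the original mail or of the OpenBSD commit: a constructed slot pool that counts repeated releases runs the cleanup-label pattern with and without clearing the pointer. The names `pool_alloc`, `pool_free` and `run_path` are hypothetical, and the pool stands in for an allocator that detects double frees.

```c
#include <stdio.h>

#define SLOTS 4
static unsigned char pool[SLOTS][128];   /* constructed toy heap */
static int in_use[SLOTS];
static int double_free_reports;          /* what a checking allocator would log */

static void *pool_alloc(void)
{
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}

/* Same contract as free(): NULL is a no-op. A slot released while it is
 * already free is counted as a double free instead of corrupting state. */
static void pool_free(void *p)
{
    if (p == NULL)
        return;
    for (int i = 0; i < SLOTS; i++) {
        if (p == (void *)pool[i]) {
            if (!in_use[i])
                double_free_reports++;
            in_use[i] = 0;
            return;
        }
    }
}

/* The pattern from the mail: an early release followed by a shared cleanup
 * label. Returns how many double-free reports this one call produced. */
static int run_path(int take_early_exit, int null_after_free)
{
    int before = double_free_reports;
    void *ptr = pool_alloc();
    if (ptr == NULL) return -1;
    if (take_early_exit) goto cleanup;
    pool_free(ptr);
    if (null_after_free) ptr = NULL;     /* the change under discussion */
    /* ... more work that does not touch ptr ... */
cleanup:
    pool_free(ptr);                      /* no-op when ptr was cleared */
    return double_free_reports - before;
}

int main(void)
{
    printf("early exit: %d, cleared: %d, stale: %d\n",
           run_path(1, 1), run_path(0, 1), run_path(0, 0));
    return 0;
}
```

With the pointer cleared, the second release never reaches the allocator, so the path is safe and the detector stays silent; with the stale pointer, the same path produces one report.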