On 04/24/14 22:17, Alexander Hall wrote:
On 04/23/14 23:01, Ted Unangst wrote:
CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2014/04/23 15:01:15
Modified files:
lib/libssl/src/ssl: kssl.c
Log message:
null pointers after free to prevent double frees and worse. also fix a
Looking at the code, this looks like an effort in being proactive:
free(*princ);
*princ = NULL;
... nothing about 'princ'...
if ((*princ = calloc(1, length)) == NULL)
return KSSL_CTX_ERR;
However, would that not rather risk hiding potential use-after-free's by
not exposing a second free() later on?
(Note that I'm not talking about this specific example, in which the
NULL'ification of *princ appears totally pointless)
Or did I miss something here?
Still holds. :)
