Clean up possible use after free. The value of the handles pointer may change, but if it doesn't then free is being called twice on the same address.
Signed-off-by: Jerry Snitselaar <[email protected]> --- src/tspi/tsp_auth.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/tspi/tsp_auth.c b/src/tspi/tsp_auth.c index d538079..5a97e6e 100755 --- a/src/tspi/tsp_auth.c +++ b/src/tspi/tsp_auth.c @@ -1221,17 +1221,17 @@ Transport_TerminateHandle(TSS_HCONTEXT tspContext, /* in */ } *handles = handle; - handles_track = handles; + handles_track = handles; - // Since the call tree of this function can possibly alloc memory - // (check RPC_ExecuteTransport_TP function), its better to keep track of - // the handle. + // Since the call tree of this function can possibly alloc memory + // (check RPC_ExecuteTransport_TP function), its better to keep track of + // the handle. result = obj_context_transport_execute(tspContext, TPM_ORD_Terminate_Handle, 0, NULL, NULL, &handlesLen, &handles, NULL, NULL, NULL, NULL); - free(handles); - handles = NULL; - free(handles_track); + if (handles != handles_track) + free(handles); + free(handles_track); return result; } -- 2.20.1.98.gecbdaf0899 _______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
