From: tedu Date: Wed, 23 Apr 2014 21:01:15 +0000 (+0000) Subject: null pointers after free to prevent double frees and worse. also fix a X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=62a544929dda5e05cd9ea08f47d026b4ed3dc91e;p=openbsd null pointers after free to prevent double frees and worse. also fix a very obvious use after free. this file may still be a total loss.
---
diff --git a/lib/libssl/src/ssl/kssl.c b/lib/libssl/src/ssl/kssl.c
index b4ddab75972..9e71eed9fac 100644
--- a/lib/libssl/src/ssl/kssl.c
+++ b/lib/libssl/src/ssl/kssl.c
@@ -898,8 +898,8 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, krb5_data *realm,
 return KSSL_CTX_ERR;
 break;
 }
- if (*princ)
- free(*princ);
+ free(*princ);
+ *princ = NULL;
 /* Add up all the entity->lengths */
 length = 0;
@@ -960,18 +960,11 @@ kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
 return KSSL_CTX_ERR;
 break;
 }
- if (*string)
- free(*string);
+ free(*string);
+ *string = NULL;
- if (!text) {
- *string = '\0';
- return KSSL_CTX_OK;
- }
-
- if ((*string = calloc(1, strlen(text) + 1)) == NULL)
+ if ((*string = strdup(text ? text : "")) == NULL)
 return KSSL_CTX_ERR;
- else
- memcpy(*string, text, strlen(text) + 1);
 return KSSL_CTX_OK;
 }
@@ -993,6 +986,7 @@ kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
 if (kssl_ctx->key) {
 OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
 free(kssl_ctx->key);
+ kssl_ctx->key = NULL;
 }
 if (session) {
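Review bot: Passing a NULL `text` to kssl_ctx_setstring now stores an allocated empty string, where the removed branch left `*string` null (`*string = '\0'` assigns a null pointer constant) and returned KSSL_CTX_OK without allocating. Any caller that compares the field against NULL to mean "not set" would get a different answer, and the clearing path can now return KSSL_CTX_ERR when strdup fails. No caller is visible in this hunk, so this is a contract question rather than a confirmed regression. If the old contract is wanted, add `if (text == NULL) return KSSL_CTX_OK;` right after `*string = NULL;` and call `strdup(text)` directly; otherwise record the new behaviour with a comment such as `/* NULL text stores "" instead of clearing the field */`.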
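Review bot: In kssl_ctx_setkey the added `kssl_ctx->key = NULL;` leaves `kssl_ctx->length` at the freed key's size, so until later code stores a new length the context pairs a null key with a non-zero length. The `if (session) {` body continues outside the hunk, so whether every exit path resets the length cannot be confirmed from here. Resetting it in the same place, `kssl_ctx->length = 0;` directly after the null assignment, keeps the two fields consistent on any early return and avoids a later `OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length)`-style call being handed a stale size.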