rsa1: rsa_loadpriv_core: Always free b, and zero things we free

Make the FREE macro zero its argument.  This makes it idempotent.

This means that at the end of the function, and at all points where
LD* is called, b is either from malloc and freeable, or null.  It is
never a free'd pointer.

So we can free it.  This is moving us towards always unconditionally
freeing everything on the exit path, to support non-fatal early
return.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/rsa.c b/rsa.c
index 790f7cc0a0e7513d1e3dd9324f255e55b24531b1..9c14e5572f99d5a3f786a76eaa229fdfd6677360 100644 (file)
--- a/rsa.c
+++ b/rsa.c
@@ -352,7 +352,7 @@ static uint16_t keyfile_get_short(struct cloc loc, FILE *f)
 #define LDUNSUP(...)           cfgfatal(loc,"rsa-private",__VA_ARGS__)
 #define LDFATAL_FILE(...) cfgfatal_maybefile(f,loc,"rsa-private",__VA_ARGS__)
 #define LDUNSUP_FILE(...) cfgfatal_maybefile(f,loc,"rsa-private",__VA_ARGS__)
-#define FREE(b)                free(b)
+#define FREE(b)                ({ free((b)); (b)=0; })
 
 static void rsapriv_dispose(void *sst)
 {
@@ -580,6 +580,7 @@ assume_valid:
     mpz_clear(&tmp2);
     mpz_clear(&tmp3);
 
+    FREE(b);
     FREE(c);
     mpz_clear(&e);
     mpz_clear(&d);