From: Ian Jackson Date: Sun, 6 Oct 2019 21:16:01 +0000 (+0100) Subject: rsa1: rsa_loadpriv_core: Always free b, and zero things we free X-Git-Tag: v0.6.0~177 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=secnet.git;a=commitdiff_plain;h=717c472de2c8b65950ebaca09666718fb670bcb4 rsa1: rsa_loadpriv_core: Always free b, and zero things we free Make the FREE macro zero its argument. This makes it idempotent. This means that at the end of the function, and at all points where LD* is called, b is either from malloc and freeable, or null. It is never a free'd pointer. So we can free it. This is moving us towards always unconditionally freeing everything on the exit path, to support non-fatal early return. Signed-off-by: Ian Jackson
---
diff --git a/rsa.c b/rsa.c
index 790f7cc..9c14e55 100644
--- a/rsa.c
+++ b/rsa.c
@@ -352,7 +352,7 @@ static uint16_t keyfile_get_short(struct cloc loc, FILE *f)
 #define LDUNSUP(...) cfgfatal(loc,"rsa-private",__VA_ARGS__)
 #define LDFATAL_FILE(...) cfgfatal_maybefile(f,loc,"rsa-private",__VA_ARGS__)
 #define LDUNSUP_FILE(...) cfgfatal_maybefile(f,loc,"rsa-private",__VA_ARGS__)
-#define FREE(b) free(b)
+#define FREE(b) ({ free((b)); (b)=0; })
 
 static void rsapriv_dispose(void *sst)
 {
@@ -580,6 +580,7 @@ assume_valid:
     mpz_clear(&tmp2);
     mpz_clear(&tmp3);
+    FREE(b);
     FREE(c);
     mpz_clear(&e);
     mpz_clear(&d);
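Review bot: The new FREE macro nulls the pointer but leaves the freed buffer's contents untouched, so despite the subject line "zero things we free" the bytes `b` pointed at — which in rsa_loadpriv_core presumably hold data read from the private-key file — remain in freed heap memory until it is reused. If the buffer length is known at each FREE site (not visible in this hunk), wiping it before free with a non-elidable call such as explicit_bzero where available would match the stated intent, since a plain memset before free may be optimised away. Separately, `({ ... })` is a GCC statement-expression extension; the portable multi-statement form is `#define FREE(b) do { free((b)); (b)=0; } while (0)` unless the expression value is needed somewhere. The macro also evaluates its argument twice, so it must never be passed an argument with side effects; a comment saying so on the define would be worth adding.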