From: Mark Wooding <mdw@distorted.org.uk>
Date: Sun, 28 May 2017 18:03:08 +0000 (+0100)
Subject: ec.c: Fix embarrassing use-after-free in EC point hashing.
X-Git-Tag: 1.2.1~3
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/catacomb-python/commitdiff_plain/9acb0b54f55caafbb0d5ec603238832ffac573f2

ec.c: Fix embarrassing use-after-free in EC point hashing.

The hashed data is sometimes (unpredictably) mangled by freeing causing
hash mismatches, which is annoying.  Also, obviously incorrect.
---

diff --git a/ec.c b/ec.c
index 0489bc0..c603489 100644
--- a/ec.c
+++ b/ec.c
@@ -204,8 +204,8 @@ static long ecpt_pyhash(PyObject *me)
   EC_OUT(ECPT_C(me), &p, ECPT_P(me));
   ec_putraw(ECPT_C(me), &b, &p);
   EC_DESTROY(&p);
-  xfree(q);
   h = unihash_hash(&unihash_global, h, BBASE(&b), BLEN(&b));
+  xfree(q);
   return (h % LONG_MAX);
 }