    Fix: set to NULL the sendsmp pointer when handling SMP · 70d1df0d
    David Goulet authored
    
    
    If err = otrl_proto_create_data(&mp, ...) returns an early error, then
    mp may not have yet been set to NULL.  If the calling code *both*
    (a) had not set mp to NULL to begin with, *and*
    (b) calls free(mp) _outside_ of the test for if (!err),
    then free(mp) will be freeing an uninitialized pointer.
    
    So ensure every call to otrl_proto_create_data either initializes its mp
    to NULL, or only frees mp if the call succeeds, or both.  There were two
    places where neither was happening.  Other places, one or the other was
    already happening.
    
    Also, for extra precaution, set the message pointer in
    otrl_proto_create_data() to NULL at the beginning.
    
    Thanks to Nicolas Guigo <nicolas.guigo@nccgroup.trust> and
    Ben Hawkes <hawkes@inertiawar.com> for the report.
    
    Fixes #72
    Signed-off-by: David Goulet <dgoulet@ev0ke.net>
    Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>
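The two safeguards the commit message describes (the caller initializing mp to NULL, and the callee clearing the out-pointer before any early return), shown as an added C example that is not libotr code and not part of this commit. `create_msg`, `send_msg` and the sentinel check are hypothetical stand-ins for otrl_proto_create_data and its callers.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in shaped like otrl_proto_create_data(&mp, ...);
 * this is not libotr code. `harden` selects the callee-side precaution. */
static int create_msg(char **out, const char *src, int harden)
{
    size_t n;
    if (harden) *out = NULL;        /* clear the out-pointer first */
    if (src == NULL) return 1;      /* early error: *out not written */
    n = strlen(src) + 1;
    *out = malloc(n);
    if (*out == NULL) return 2;
    memcpy(*out, src, n);
    return 0;
}

/* Returns 1 if an early error leaves the caller's pointer as it was.
 * A sentinel stands in for the indeterminate value of an uninitialized
 * local; it is only compared, never freed. */
int early_error_keeps_stale_pointer(int harden)
{
    char sentinel = 0;
    char *mp = &sentinel;
    int err = create_msg(&mp, NULL, harden);
    return err != 0 && mp == &sentinel;
}

/* Safe caller: mp starts as NULL, so the unconditional free() below is
 * free(NULL) on the error path, which is a no-op. */
int send_msg(const char *src)
{
    char *mp = NULL;
    int err = create_msg(&mp, src, 0);
    if (!err) {
        /* ... hand mp to the transport here ... */
    }
    free(mp);
    return err;
}

int main(void)
{
    return !(early_error_keeps_stale_pointer(0) == 1 &&
             early_error_keeps_stale_pointer(1) == 0 &&
             send_msg(NULL) == 1 && send_msg("hello") == 0);
}
```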
proto.c 31.5 KB