authorTim Rühsen <tim.ruehsen@gmx.de>2019-02-12 15:09:11 +0100
committerTim Rühsen <tim.ruehsen@gmx.de>2019-02-22 13:11:01 +0100
commitd39778e43d1674cb3ab3685157fd299816d535c0 (patch)
treee850b329e3b3b27f344aae980ad6159159ab8d93
parentb4abf441ae1686fd602971dd0c0493a3c7e15fd1 (diff)
downloadgnutls-d39778e43d1674cb3ab3685157fd299816d535c0.tar.gz
Automatically NULLify after gnutls_free()
This method prevents direct use-after-free and double-free issues. Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
-rw-r--r--NEWS13
-rw-r--r--lib/includes/gnutls/gnutls.h.in4
2 files changed, 17 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index b171ef71e8..a59c12091f 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,19 @@ See the end for copying conditions.
* Version 3.6.7 (unreleased)
+** libgnutls, gnutls tools: Every gnutls_free() will automatically set
+ the free'd pointer to NULL. This prevents possible use-after-free and
+ double free issues. Use-after-free will be turned into NULL dereference.
+ The counter-measure does not extend to applications using gnutls_free().
+
+** libgnutls, gnutls tools: Every gnutls_free() will automatically set
+ the free'd pointer to NULL. This prevents possible use-after-free and
+ double free issues. Use-after-free will be turned into NULL dereference,
+ effectively turning harmful attacks like remote-code-executions (RCE) into
+ segmentation faults. Double frees may also be used to achieve RCEs - turning
+ them into no-ops counter measures this attack at this point.
+ This measurement is only active when building libgnutls and the gnutls tools.
+
** libgnutls: enforce key usage limitations on certificates more actively.
Previously we would enforce it for TLS1.2 protocol, now we enforce it
even when TLS1.3 is negotiated, or on client certificates as well. When
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 2965889664..eb808e40b4 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2194,6 +2194,10 @@ extern _SYM_EXPORT gnutls_realloc_function gnutls_realloc;
extern _SYM_EXPORT gnutls_calloc_function gnutls_calloc;
extern _SYM_EXPORT gnutls_free_function gnutls_free;
+#ifdef GNUTLS_INTERNAL_BUILD
+#define gnutls_free(a) gnutls_free((void *) (a)), a=NULL
+#endif
+
extern _SYM_EXPORT char *(*gnutls_strdup) (const char *);
/* a variant of memset that doesn't get optimized out */
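Review bot: The `gnutls_free(a)` macro added under `GNUTLS_INTERNAL_BUILD` names its argument twice and leaves both the assignment target and the whole expansion unparenthesized, so an argument with side effects is evaluated twice and the argument has to be a modifiable lvalue. Writing it as `#define gnutls_free(a) (gnutls_free((void *) (a)), (a) = NULL)` keeps the expansion a single self-contained expression. The macro should also carry a comment stating that the argument must be a side-effect-free, assignable pointer expression. Only the expression named at the call site is cleared, so any other copy of the freed pointer (a struct member or a caller's variable) still dangles. The comment should say this so the macro is not read as complete use-after-free protection.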