authorTim Rühsen <tim.ruehsen@gmx.de>2019-02-23 22:21:09 +0000
committerTim Rühsen <tim.ruehsen@gmx.de>2019-02-23 22:21:09 +0000
commit115779ad2e3f27f8cc4b5ad9956a22a3921d6edd (patch)
tree0850345c8f43dbbc9b058cb8bba23038508b6933
parentc0af09dee671d90f69e40fdfa5e0117cd995ef18 (diff)
parent6b5cbc9ea5bdca704bdbe2f8fb551f720d634bc6 (diff)
Merge branch 'tmp-reset-after-free' into 'master'
Automatically NULLify after gnutls_free()

See merge request gnutls/gnutls!923
-rw-r--r--NEWS13
-rw-r--r--lib/auth.c3
-rw-r--r--lib/auth/rsa.c5
-rw-r--r--lib/auth/rsa_psk.c1
-rw-r--r--lib/auth/srp_sb64.c2
-rw-r--r--lib/cert-cred-x509.c3
-rw-r--r--lib/cert-cred.c3
-rw-r--r--lib/hello_ext.c5
-rw-r--r--lib/includes/gnutls/gnutls.h.in4
-rw-r--r--lib/mpi.c1
-rw-r--r--lib/nettle/mpi.c2
-rw-r--r--lib/nettle/pk.c3
-rw-r--r--lib/ocsp-api.c1
-rw-r--r--lib/pk.c2
-rw-r--r--lib/pkcs11.c1
-rw-r--r--lib/pkcs11_privkey.c6
-rw-r--r--lib/pkcs11_write.c1
-rw-r--r--lib/session_pack.c2
-rw-r--r--lib/srp.c1
-rw-r--r--lib/str.c2
-rw-r--r--lib/tls13/certificate_request.c2
-rw-r--r--lib/tpm.c2
-rw-r--r--lib/x509/ocsp.c15
-rw-r--r--lib/x509/pkcs12_bag.c1
-rw-r--r--lib/x509/pkcs7-crypt.c1
-rw-r--r--lib/x509/pkcs7.c6
-rw-r--r--lib/x509/privkey_pkcs8.c1
-rw-r--r--lib/x509/verify-high2.c1
-rw-r--r--lib/x509/virt-san.c1
-rw-r--r--lib/x509/x509.c6
-rw-r--r--lib/x509/x509_ext.c1
-rw-r--r--lib/x509_b64.c1
-rw-r--r--tests/cert.c2
-rw-r--r--tests/gnutls_session_set_id.c1
-rw-r--r--tests/name-constraints-ip.c3
-rw-r--r--tests/pkcs11/pkcs11-import-url-privkey.c2
-rw-r--r--tests/pkcs11/pkcs11-privkey-always-auth.c2
-rw-r--r--tests/pkcs11/pkcs11-privkey-fork-reinit.c1
-rw-r--r--tests/pkcs11/pkcs11-privkey-fork.c1
-rw-r--r--tests/pkcs11/pkcs11-privkey-safenet-always-auth.c2
-rw-r--r--tests/pkcs7.c2
-rw-r--r--tests/resume-dtls.c1
-rw-r--r--tests/resume.c1
-rw-r--r--tests/sign-verify-data.c1
-rw-r--r--tests/sign-verify-ext.c2
-rw-r--r--tests/sign-verify-ext4.c2
-rw-r--r--tests/sign-verify.c1
-rw-r--r--tests/x509-extensions.c1
-rw-r--r--tests/x509sign-verify-error.c1
49 files changed, 28 insertions, 97 deletions
diff --git a/NEWS b/NEWS
index 83d9b321a7..63b99641d7 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,19 @@ See the end for copying conditions.
* Version 3.6.7 (unreleased)
+** libgnutls, gnutls tools: Every gnutls_free() will automatically set
+ the free'd pointer to NULL. This prevents possible use-after-free and
+ double free issues. Use-after-free will be turned into NULL dereference.
+ The counter-measure does not extend to applications using gnutls_free().
+
+** libgnutls, gnutls tools: Every gnutls_free() will automatically set
+ the free'd pointer to NULL. This prevents possible use-after-free and
+ double free issues. Use-after-free will be turned into NULL dereference,
+ effectively turning harmful attacks like remote-code-executions (RCE) into
+ segmentation faults. Double frees may also be used to achieve RCEs - turning
+ them into no-ops counter measures this attack at this point.
+ This measurement is only active when building libgnutls and the gnutls tools.
+
** libgnutls: enforce key usage limitations on certificates more actively.
Previously we would enforce it for TLS1.2 protocol, now we enforce it
even when TLS1.3 is negotiated, or on client certificates as well. When
diff --git a/lib/auth.c b/lib/auth.c
index dd3fc861fb..4a0e38b444 100644
--- a/lib/auth.c
+++ b/lib/auth.c
@@ -372,8 +372,6 @@ void _gnutls_free_auth_info(gnutls_session_t session)
gnutls_free(info->raw_certificate_list);
gnutls_free(info->raw_ocsp_list);
- info->raw_certificate_list = NULL;
- info->raw_ocsp_list = NULL;
info->ncerts = 0;
info->nocsp = 0;
@@ -390,7 +388,6 @@ void _gnutls_free_auth_info(gnutls_session_t session)
}
gnutls_free(session->key.auth_info);
- session->key.auth_info = NULL;
session->key.auth_info_size = 0;
session->key.auth_info_type = 0;
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index d5d0943242..e58b0a1331 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -200,9 +200,8 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
ret = gnutls_rnd(GNUTLS_RND_NONCE, session->key.key.data,
GNUTLS_MASTER_SIZE);
if (ret < 0) {
- gnutls_free(session->key.key.data);
- session->key.key.data = NULL;
- session->key.key.size = 0;
+ gnutls_free(session->key.key.data);
+ session->key.key.size = 0;
gnutls_assert();
return ret;
}
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index 791fcd8bb7..387bfd403e 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -341,7 +341,6 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
("auth_rsa_psk: Possible PKCS #1 format attack\n");
if (ret >= 0) {
gnutls_free(plaintext.data);
- plaintext.data = NULL;
}
randomize_key = 1;
} else {
diff --git a/lib/auth/srp_sb64.c b/lib/auth/srp_sb64.c
index 1177e76719..7bfffdf070 100644
--- a/lib/auth/srp_sb64.c
+++ b/lib/auth/srp_sb64.c
@@ -263,7 +263,6 @@ _gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result)
tmp = decode(tmpres, datrev);
if (tmp < 0) {
gnutls_free((*result));
- *result = NULL;
return tmp;
}
@@ -277,7 +276,6 @@ _gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result)
tmp = decode(tmpres, (uint8_t *) & data[i]);
if (tmp < 0) {
gnutls_free((*result));
- *result = NULL;
return tmp;
}
memcpy(&(*result)[j], tmpres, tmp);
diff --git a/lib/cert-cred-x509.c b/lib/cert-cred-x509.c
index 257f1b989a..925c09b3d5 100644
--- a/lib/cert-cred-x509.c
+++ b/lib/cert-cred-x509.c
@@ -265,7 +265,6 @@ parse_pem_cert_mem(gnutls_certificate_credentials_t res,
gnutls_pcert_import_x509_list(pcerts, unsorted, &ncerts, GNUTLS_X509_CRT_LIST_SORT);
if (ret < 0) {
gnutls_free(pcerts);
- pcerts = NULL;
gnutls_assert();
goto cleanup;
}
@@ -508,7 +507,6 @@ read_cert_url(gnutls_certificate_credentials_t res, gnutls_privkey_t key, const
goto cleanup;
}
gnutls_free(t.data);
- t.data = NULL;
}
ret = _gnutls_certificate_credential_append_keypair(res, key, names, ccert, count);
@@ -908,7 +906,6 @@ gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
while (i--)
gnutls_x509_crt_deinit((*crt_list)[i]);
gnutls_free(*crt_list);
- *crt_list = NULL;
return gnutls_assert_val(ret);
}
diff --git a/lib/cert-cred.c b/lib/cert-cred.c
index f04ded4c04..35183b7cc7 100644
--- a/lib/cert-cred.c
+++ b/lib/cert-cred.c
@@ -258,7 +258,6 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc)
for (j = 0; j < sc->certs[i].ocsp_data_length; j++) {
gnutls_free(sc->certs[i].ocsp_data[j].response.data);
- sc->certs[i].ocsp_data[j].response.data = NULL;
}
_gnutls_str_array_clear(&sc->certs[i].names);
gnutls_privkey_deinit(sc->certs[i].pkey);
@@ -266,8 +265,6 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc)
gnutls_free(sc->certs);
gnutls_free(sc->sorted_cert_idx);
- sc->certs = NULL;
- sc->sorted_cert_idx = NULL;
sc->ncerts = 0;
}
diff --git a/lib/hello_ext.c b/lib/hello_ext.c
index 2d7cd806f6..0a8d4004a3 100644
--- a/lib/hello_ext.c
+++ b/lib/hello_ext.c
@@ -464,9 +464,8 @@ void _gnutls_hello_ext_deinit(void)
continue;
if (extfunc[i]->free_struct != 0) {
- gnutls_free((void*)extfunc[i]->name);
- gnutls_free((void*)extfunc[i]);
- extfunc[i] = NULL;
+ gnutls_free(((hello_ext_entry_st *)extfunc[i])->name);
+ gnutls_free(extfunc[i]);
}
}
}
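Review bot: The new cast `((hello_ext_entry_st *)extfunc[i])->name` appears to exist only so that the macro's `= NULL` assignment compiles; the old code cast to `void *`, which suggests the entry is const-qualified. The resulting store to `->name` goes into a struct that is freed on the very next line, so it protects nothing. Calling the function without macro expansion avoids both the write and the const cast: `(gnutls_free)((void *)extfunc[i]->name);`, with a short comment on why the name is parenthesized, followed by the macro form for `extfunc[i]` itself. The function body starts above the hunk.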
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 2965889664..eb808e40b4 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2194,6 +2194,10 @@ extern _SYM_EXPORT gnutls_realloc_function gnutls_realloc;
extern _SYM_EXPORT gnutls_calloc_function gnutls_calloc;
extern _SYM_EXPORT gnutls_free_function gnutls_free;
+#ifdef GNUTLS_INTERNAL_BUILD
+#define gnutls_free(a) gnutls_free((void *) (a)), a=NULL
+#endif
+
extern _SYM_EXPORT char *(*gnutls_strdup) (const char *);
/* a variant of memset that doesn't get optimized out */
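Review bot: The `gnutls_free(a)` macro added here expands to an unparenthesized comma expression that evaluates `a` twice and assigns to it without parentheses. An argument with side effects would be evaluated twice, the argument must be a modifiable lvalue, and inside a larger expression (a function argument, an arm of `?:`) the trailing `a=NULL` no longer belongs to the call. I would write `#define gnutls_free(a) (gnutls_free((void *) (a)), (a) = NULL)` and add a comment above it stating that the argument must be a side-effect-free lvalue. Since this lives in an installed header, the comment should also say that GNUTLS_INTERNAL_BUILD is reserved for the library's own build, so applications do not pick up the macro by accident.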
diff --git a/lib/mpi.c b/lib/mpi.c
index 2bc970d7cd..ed208d511d 100644
--- a/lib/mpi.c
+++ b/lib/mpi.c
@@ -88,7 +88,6 @@ _gnutls_mpi_random_modp(bigint_t r, bigint_t p,
if (buf_release != 0) {
gnutls_free(buf);
- buf = NULL;
}
if (r != NULL) {
diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c
index 8a93ac2786..96bec4aa43 100644
--- a/lib/nettle/mpi.c
+++ b/lib/nettle/mpi.c
@@ -122,7 +122,6 @@ static int wrap_nettle_mpi_init_multi(bigint_t *w, ...)
fail:
mpz_clear(TOMPZ(*w));
gnutls_free(*w);
- *w = NULL;
va_start(args, w);
@@ -131,7 +130,6 @@ fail:
if (next != last_failed) {
mpz_clear(TOMPZ(*next));
gnutls_free(*next);
- *next = NULL;
}
} while(next != last_failed);
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 38c098d8d5..5b109ee475 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -371,7 +371,6 @@ dh_cleanup:
if (_gnutls_mem_is_zero(out->data, out->size)) {
gnutls_free(out->data);
- out->data = NULL;
gnutls_assert();
ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
goto cleanup;
@@ -2254,8 +2253,6 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
params->params_nr = 0;
gnutls_free(params->raw_priv.data);
gnutls_free(params->raw_pub.data);
- params->raw_priv.data = NULL;
- params->raw_pub.data = NULL;
FAIL_IF_LIB_ERROR;
return ret;
diff --git a/lib/ocsp-api.c b/lib/ocsp-api.c
index d18a1f0c2c..a0005e99d4 100644
--- a/lib/ocsp-api.c
+++ b/lib/ocsp-api.c
@@ -473,7 +473,6 @@ gnutls_certificate_set_ocsp_status_request_mem(gnutls_certificate_credentials_t
nresp++;
gnutls_free(der.data);
- der.data = NULL;
p.data++;
p.size--;
diff --git a/lib/pk.c b/lib/pk.c
index 1f137f71cb..a5bb58b73f 100644
--- a/lib/pk.c
+++ b/lib/pk.c
@@ -537,8 +537,6 @@ void gnutls_pk_params_release(gnutls_pk_params_st * p)
}
gnutls_free(p->raw_priv.data);
gnutls_free(p->raw_pub.data);
- p->raw_priv.data = NULL;
- p->raw_pub.data = NULL;
p->params_nr = 0;
}
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 80d7c57b1f..b227c0200e 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1236,7 +1236,6 @@ int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * obj)
(*obj)->info = p11_kit_uri_new();
if ((*obj)->info == NULL) {
gnutls_free(*obj);
- *obj = NULL;
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 53a2d8a937..ca45bb60d5 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -443,7 +443,6 @@ _gnutls_pkcs11_privkey_sign(gnutls_pkcs11_privkey_t key,
}
gnutls_free(tmp.data);
- tmp.data = NULL;
} else {
signature->size = siglen;
signature->data = tmp.data;
@@ -521,10 +520,8 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
memset(&pkey->sinfo, 0, sizeof(pkey->sinfo));
- if (pkey->url) {
+ if (pkey->url)
gnutls_free(pkey->url);
- pkey->url = NULL;
- }
if (pkey->uinfo) {
p11_kit_uri_free(pkey->uinfo);
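Review bot: The `if (pkey->url)` guard kept in front of `gnutls_free(pkey->url);` looks redundant, since the later cleanup path of the same function (next hunk) already calls `gnutls_free(pkey->url);` unguarded; the line can simply be `gnutls_free(pkey->url);`. Leaving the `if` unbraced also ties the call site to the macro remaining a single expression: if it is ever rewritten as two statements, the assignment silently leaves the conditional. The same unbraced form is introduced in the `fail:` path of gnutls_ocsp_resp_get_single in lib/x509/ocsp.c, where the guards test the struct pointer and are needed, so braces there would be the safer style.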
@@ -621,7 +618,6 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
pkey->uinfo = NULL;
}
gnutls_free(pkey->url);
- pkey->url = NULL;
return ret;
}
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 4a83018fd8..49a47ebf8b 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -268,7 +268,6 @@ static void clean_pubkey(struct ck_attribute *a, unsigned a_val)
case CKA_EC_PARAMS:
case CKA_EC_POINT:
gnutls_free(a[i].value);
- a[i].value = NULL;
break;
}
}
diff --git a/lib/session_pack.c b/lib/session_pack.c
index da74f45e0c..3842ed4c4d 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -574,8 +574,6 @@ unpack_certificate_auth_info(gnutls_session_t session,
gnutls_free(info->raw_certificate_list);
gnutls_free(info->raw_ocsp_list);
- info->raw_certificate_list = NULL;
- info->raw_ocsp_list = NULL;
}
return ret;
diff --git a/lib/srp.c b/lib/srp.c
index 27a28f2aab..ab00fa2456 100644
--- a/lib/srp.c
+++ b/lib/srp.c
@@ -609,7 +609,6 @@ gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t res,
if (res->password_conf_file == NULL) {
gnutls_assert();
gnutls_free(res->password_file);
- res->password_file = NULL;
return GNUTLS_E_MEMORY_ERROR;
}
diff --git a/lib/str.c b/lib/str.c
index 7757730175..4a89de227e 100644
--- a/lib/str.c
+++ b/lib/str.c
@@ -80,7 +80,7 @@ void _gnutls_buffer_clear(gnutls_buffer_st * str)
return;
gnutls_free(str->allocd);
- str->data = str->allocd = NULL;
+ str->data = NULL;
str->max_length = 0;
str->length = 0;
}
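Review bot: After this change `str->allocd` is cleared only as a hidden side effect of the `gnutls_free()` macro, while `str->data` is still reset explicitly, so the code reads as if `allocd` were left dangling. A short comment on the call would help, for example `/* gnutls_free() is a macro in internal builds and also sets str->allocd to NULL */`. If this file were ever compiled without GNUTLS_INTERNAL_BUILD, `allocd` would keep the freed address, so keeping the explicit `str->data = str->allocd = NULL;` would be the more robust choice. The function starts above the hunk.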
diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c
index 4efeee0377..50602e2338 100644
--- a/lib/tls13/certificate_request.c
+++ b/lib/tls13/certificate_request.c
@@ -152,7 +152,6 @@ int _gnutls13_recv_certificate_request_int(gnutls_session_t session, gnutls_buff
return gnutls_assert_val(ret);
gnutls_free(session->internals.post_handshake_cr_context.data);
- session->internals.post_handshake_cr_context.data = NULL;
ret = _gnutls_set_datum(&session->internals.post_handshake_cr_context,
context.data, context.size);
if (ret < 0)
@@ -279,7 +278,6 @@ int _gnutls13_send_certificate_request(gnutls_session_t session, unsigned again)
}
gnutls_free(session->internals.post_handshake_cr_context.data);
- session->internals.post_handshake_cr_context.data = NULL;
ret = _gnutls_set_datum(&session->internals.post_handshake_cr_context,
rnd, sizeof(rnd));
if (ret < 0) {
diff --git a/lib/tpm.c b/lib/tpm.c
index b97968838b..8204fd8bd2 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -1641,10 +1641,8 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
gnutls_pubkey_deinit(pub);
privkey_cleanup:
gnutls_free(privkey->data);
- privkey->data = NULL;
cleanup:
gnutls_free(tmpkey.data);
- tmpkey.data = NULL;
err_sa:
pTspi_Context_CloseObject(s.tpm_ctx, key_ctx);
err_cc:
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index a52c4aa428..a8edf30ec6 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -162,7 +162,6 @@ void gnutls_ocsp_resp_deinit(gnutls_ocsp_resp_t resp)
asn1_delete_structure(&resp->basicresp);
resp->resp = NULL;
- resp->response_type_oid.data = NULL;
resp->basicresp = NULL;
gnutls_free(resp->der.data);
@@ -299,7 +298,6 @@ gnutls_ocsp_resp_import2(gnutls_ocsp_resp_t resp,
}
gnutls_free(resp->der.data);
- resp->der.data = NULL;
}
resp->init = 1;
@@ -1668,18 +1666,12 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
return GNUTLS_E_SUCCESS;
fail:
- if (issuer_name_hash) {
+ if (issuer_name_hash)
gnutls_free(issuer_name_hash->data);
- issuer_name_hash->data = NULL;
- }
- if (issuer_key_hash) {
+ if (issuer_key_hash)
gnutls_free(issuer_key_hash->data);
- issuer_key_hash->data = NULL;
- }
- if (serial_number) {
+ if (serial_number)
gnutls_free(serial_number->data);
- serial_number->data = NULL;
- }
return ret;
}
@@ -1955,7 +1947,6 @@ gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t resp,
}
gnutls_free(c.data);
- c.data = NULL;
}
tmpcerts[ctr] = NULL;
diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
index 26d2142ea0..35d12ac4b9 100644
--- a/lib/x509/pkcs12_bag.c
+++ b/lib/x509/pkcs12_bag.c
@@ -62,7 +62,6 @@ static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag_t bag)
_gnutls_free_datum(&bag->element[i].data);
_gnutls_free_datum(&bag->element[i].local_key_id);
gnutls_free(bag->element[i].friendly_name);
- bag->element[i].friendly_name = NULL;
bag->element[i].type = 0;
}
diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
index c2b00e61c1..39eb7784be 100644
--- a/lib/x509/pkcs7-crypt.c
+++ b/lib/x509/pkcs7-crypt.c
@@ -1269,7 +1269,6 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
_gnutls_cipher_init(&ch, ce, &dkey, &d_iv, 0);
gnutls_free(key);
- key = NULL;
if (ret < 0) {
gnutls_assert();
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 37e2cc3a51..bfb464a470 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -692,7 +692,6 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx,
ret = gnutls_pkcs7_add_attr(&info->signed_attrs, oid, &tmp, 0);
gnutls_free(tmp.data);
- tmp.data = NULL;
if (ret < 0) {
gnutls_assert();
@@ -730,7 +729,6 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx,
ret =
gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0);
gnutls_free(tmp.data);
- tmp.data = NULL;
if (ret < 0) {
gnutls_assert();
@@ -842,9 +840,7 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root,
}
gnutls_free(tmp.data);
- tmp.data = NULL;
gnutls_free(tmp2.data);
- tmp2.data = NULL;
}
if (msg_digest_ok)
@@ -1087,7 +1083,6 @@ static gnutls_x509_crt_t find_verified_issuer_of(gnutls_pkcs7_t pkcs7,
gnutls_x509_crt_deinit(issuer);
issuer = NULL;
gnutls_free(tmp.data);
- tmp.data = NULL;
continue;
}
@@ -1204,7 +1199,6 @@ static gnutls_x509_crt_t find_child_of_with_serial(gnutls_pkcs7_t pkcs7,
gnutls_x509_crt_deinit(crt);
crt = NULL;
gnutls_free(tmpdata.data);
- tmpdata.data = NULL;
continue;
}
} else {
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 049d2fb7ed..d0cb226364 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -601,7 +601,6 @@ gnutls_pkcs8_info(const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format,
cleanup:
if (ret != GNUTLS_E_UNKNOWN_CIPHER_TYPE && oid) {
gnutls_free(*oid);
- *oid = NULL;
}
if (need_free)
_gnutls_free_datum(&_data);
diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
index ff574ababe..ff7f6a4eb4 100644
--- a/lib/x509/verify-high2.c
+++ b/lib/x509/verify-high2.c
@@ -184,7 +184,6 @@ int remove_pkcs11_url(gnutls_x509_trust_list_t list, const char *ca_file)
{
if (strcmp(ca_file, list->pkcs11_token) == 0) {
gnutls_free(list->pkcs11_token);
- list->pkcs11_token = NULL;
}
return 0;
}
diff --git a/lib/x509/virt-san.c b/lib/x509/virt-san.c
index f3b87135b1..a81337e25b 100644
--- a/lib/x509/virt-san.c
+++ b/lib/x509/virt-san.c
@@ -70,7 +70,6 @@ int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, gnutl
if (ret < 0)
return gnutls_assert_val(ret);
gnutls_free(san->data);
- san->data = NULL;
if (othername_oid) {
name->othername_oid.data = (uint8_t *) othername_oid;
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 88aab5538e..995d5cd5cf 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -227,8 +227,8 @@ int gnutls_x509_crt_init(gnutls_x509_crt_t * cert)
if (result < 0) {
gnutls_assert();
asn1_delete_structure(&tmp->cert);
- gnutls_free(tmp);
gnutls_subject_alt_names_deinit(tmp->san);
+ gnutls_free(tmp);
return result;
}
@@ -386,7 +386,6 @@ static int cache_alt_names(gnutls_x509_crt_t cert)
if (ret >= 0) {
ret = gnutls_x509_ext_import_subject_alt_names(&tmpder, cert->san, 0);
gnutls_free(tmpder.data);
- tmpder.data = NULL;
if (ret < 0)
return gnutls_assert_val(ret);
}
@@ -3684,7 +3683,6 @@ gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs,
if (ret < 0) {
gnutls_free(*certs);
- *certs = NULL;
return ret;
}
@@ -4316,7 +4314,6 @@ gnutls_x509_crt_list_import_url(gnutls_x509_crt_t **certs,
if (gnutls_x509_crt_equals2(crts[i-1], &issuer)) {
gnutls_free(issuer.data);
- issuer.data = NULL;
break;
}
@@ -4337,7 +4334,6 @@ gnutls_x509_crt_list_import_url(gnutls_x509_crt_t **certs,
}
gnutls_free(issuer.data);
- issuer.data = NULL;
}
*certs = gnutls_malloc(total*sizeof(gnutls_x509_crt_t));
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index ffc05bc0a3..8a0acd30aa 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -1994,7 +1994,6 @@ int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext,
ret =
decode_user_notice(td.data, td.size, &txt);
gnutls_free(td.data);
- td.data = NULL;
if (ret < 0) {
gnutls_assert();
diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index 9a1037405b..3117843be1 100644
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -302,7 +302,6 @@ _gnutls_base64_decode(const uint8_t * data, size_t data_size,
fail:
gnutls_free(result->data);
- result->data = NULL;
cleanup:
gnutls_free(pdata.data);
diff --git a/tests/cert.c b/tests/cert.c
index da0ab23df4..ec566a4a4a 100644
--- a/tests/cert.c
+++ b/tests/cert.c
@@ -89,7 +89,6 @@ static int getnextcert(DIR **dirp, gnutls_datum_t *der, int *exp_ret)
*exp_ret = atoi((char*)local.data);
success("expecting error code %d\n", *exp_ret);
gnutls_free(local.data);
- local.data = NULL;
}
return 0;
@@ -135,7 +134,6 @@ void doit(void)
gnutls_x509_crt_deinit(cert);
gnutls_free(der.data);
- der.data = NULL;
der.size = 0;
exp_ret = -1;
}
diff --git a/tests/gnutls_session_set_id.c b/tests/gnutls_session_set_id.c
index 8de45892fb..e0e167ed27 100644
--- a/tests/gnutls_session_set_id.c
+++ b/tests/gnutls_session_set_id.c
@@ -200,7 +200,6 @@ static void start(const char *test, unsigned try_resume)
gnutls_certificate_free_credentials(clientx509cred);
gnutls_free(dbdata.data);
- dbdata.data = NULL;
dbdata.size = 0;
}
diff --git a/tests/name-constraints-ip.c b/tests/name-constraints-ip.c
index 3dd4ff2cb2..ed96109c7a 100644
--- a/tests/name-constraints-ip.c
+++ b/tests/name-constraints-ip.c
@@ -78,7 +78,6 @@ static void check_test_result(int ret, int expected_outcome,
static void parse_cidr(const char* cidr, gnutls_datum_t *datum) {
if (datum->data != NULL) {
gnutls_free(datum->data);
- datum->data = NULL;
}
int ret = gnutls_x509_cidr_to_rfc5280(cidr, datum);
check_for_error(ret);
@@ -699,7 +698,7 @@ static int teardown(void **state) {
gnutls_free(test_vars->ip.data);
gnutls_x509_name_constraints_deinit(test_vars->nc);
gnutls_x509_name_constraints_deinit(test_vars->nc2);
- gnutls_free(test_vars);
+ gnutls_free(*state);
return 0;
}
diff --git a/tests/pkcs11/pkcs11-import-url-privkey.c b/tests/pkcs11/pkcs11-import-url-privkey.c
index 38d40b666d..ded8c9a75e 100644
--- a/tests/pkcs11/pkcs11-import-url-privkey.c
+++ b/tests/pkcs11/pkcs11-import-url-privkey.c
@@ -91,7 +91,6 @@ void doit(void)
for (i=0;i<obj_list_size;i++)
gnutls_pkcs11_obj_deinit(obj_list[i]);
gnutls_free(obj_list);
- obj_list = NULL;
obj_list_size = 0;
#ifndef _WIN32
@@ -122,7 +121,6 @@ void doit(void)
for (i=0;i<obj_list_size;i++)
gnutls_pkcs11_obj_deinit(obj_list[i]);
gnutls_free(obj_list);
- obj_list = NULL;
obj_list_size = 0;
}
#endif
diff --git a/tests/pkcs11/pkcs11-privkey-always-auth.c b/tests/pkcs11/pkcs11-privkey-always-auth.c
index 3561c412fd..441f637225 100644
--- a/tests/pkcs11/pkcs11-privkey-always-auth.c
+++ b/tests/pkcs11/pkcs11-privkey-always-auth.c
@@ -175,7 +175,6 @@ void doit(void)
pin_called = 0;
gnutls_free(sig.data);
- sig.data = NULL;
/* call again - should re-authenticate */
ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
@@ -190,7 +189,6 @@ void doit(void)
pin_called = 0;
gnutls_free(sig.data);
- sig.data = NULL;
if (debug)
printf("done\n\n\n");
diff --git a/tests/pkcs11/pkcs11-privkey-fork-reinit.c b/tests/pkcs11/pkcs11-privkey-fork-reinit.c
index 1535d644f9..a725842257 100644
--- a/tests/pkcs11/pkcs11-privkey-fork-reinit.c
+++ b/tests/pkcs11/pkcs11-privkey-fork-reinit.c
@@ -123,7 +123,6 @@ void doit(void)
}
gnutls_free(sig.data);
- sig.data = NULL;
pid = fork();
if (pid != 0) {
diff --git a/tests/pkcs11/pkcs11-privkey-fork.c b/tests/pkcs11/pkcs11-privkey-fork.c
index 9d301d7d62..b99755c73b 100644
--- a/tests/pkcs11/pkcs11-privkey-fork.c
+++ b/tests/pkcs11/pkcs11-privkey-fork.c
@@ -123,7 +123,6 @@ void doit(void)
}
gnutls_free(sig.data);
- sig.data = NULL;
pid = fork();
if (pid != 0) {
diff --git a/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c b/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c
index 1b5b34054d..a4ab5b5aa3 100644
--- a/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c
+++ b/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c
@@ -157,7 +157,6 @@ void doit(void)
pin_called = 0;
gnutls_free(sig.data);
- sig.data = NULL;
/* call again - should re-authenticate */
ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
@@ -172,7 +171,6 @@ void doit(void)
pin_called = 0;
gnutls_free(sig.data);
- sig.data = NULL;
if (debug)
printf("done\n\n\n");
diff --git a/tests/pkcs7.c b/tests/pkcs7.c
index a490976fc5..2d5a5548d4 100644
--- a/tests/pkcs7.c
+++ b/tests/pkcs7.c
@@ -90,7 +90,6 @@ static int getnextfile(DIR **dirp, gnutls_datum_t *der, int *exp_ret)
*exp_ret = atoi((char*)local.data);
success("expecting error code %d\n", *exp_ret);
gnutls_free(local.data);
- local.data = NULL;
}
return 0;
@@ -134,7 +133,6 @@ void doit(void)
gnutls_pkcs7_deinit(cert);
gnutls_free(der.data);
- der.data = NULL;
der.size = 0;
exp_ret = -1;
}
diff --git a/tests/resume-dtls.c b/tests/resume-dtls.c
index 9e6327c7fe..b5b214313a 100644
--- a/tests/resume-dtls.c
+++ b/tests/resume-dtls.c
@@ -363,7 +363,6 @@ static void server(int sds[], struct params_res *params)
}
gnutls_free(session_ticket_key.data);
- session_ticket_key.data = NULL;
gnutls_anon_free_server_credentials(anoncred);
if (debug)
diff --git a/tests/resume.c b/tests/resume.c
index 0a3b20eac8..381f32da6a 100644
--- a/tests/resume.c
+++ b/tests/resume.c
@@ -900,7 +900,6 @@ static void server(int sds[], struct params_res *params)
}
gnutls_free(session_ticket_key.data);
- session_ticket_key.data = NULL;
if (debug)
success("server: finished\n");
diff --git a/tests/sign-verify-data.c b/tests/sign-verify-data.c
index 3aa2611755..558ad22530 100644
--- a/tests/sign-verify-data.c
+++ b/tests/sign-verify-data.c
@@ -153,7 +153,6 @@ void doit(void)
/* test the raw interface */
gnutls_free(signature.data);
- signature.data = NULL;
gnutls_free(signature.data);
gnutls_x509_crt_deinit(crt);
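Review bot: Removing `signature.data = NULL;` leaves two consecutive `gnutls_free(signature.data);` calls on the same pointer. That is only safe if this test is compiled with the GNUTLS_INTERNAL_BUILD macro active, which the hunk does not show; without it the second call is a double free. I would drop the second `gnutls_free(signature.data);` line, or keep the explicit reset in tests so they do not depend on an internal build flag. The other tests/ hunks in this commit remove the same reset and appear to make the same assumption about how the tests are built.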
diff --git a/tests/sign-verify-ext.c b/tests/sign-verify-ext.c
index eecb1f357b..cc80bf907f 100644
--- a/tests/sign-verify-ext.c
+++ b/tests/sign-verify-ext.c
@@ -186,9 +186,7 @@ void doit(void)
/* test the raw interface */
gnutls_free(signature.data);
- signature.data = NULL;
gnutls_free(signature2.data);
- signature2.data = NULL;
if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) ==
GNUTLS_PK_RSA) {
diff --git a/tests/sign-verify-ext4.c b/tests/sign-verify-ext4.c
index 81aa345bf0..be582ec148 100644
--- a/tests/sign-verify-ext4.c
+++ b/tests/sign-verify-ext4.c
@@ -227,7 +227,6 @@ void doit(void)
testfail("gnutls_pubkey_verify_data2\n");
gnutls_free(signature.data);
- signature.data = NULL;
if (!tests[i].data_only) {
@@ -243,7 +242,6 @@ void doit(void)
testfail("gnutls_pubkey_verify_hash2-1 (hashed data)\n");
gnutls_free(signature2.data);
- signature2.data = NULL;
}
if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) ==
diff --git a/tests/sign-verify.c b/tests/sign-verify.c
index 1fbed5ece2..5a14741fc6 100644
--- a/tests/sign-verify.c
+++ b/tests/sign-verify.c
@@ -206,7 +206,6 @@ void doit(void)
/* test the raw interface */
gnutls_free(signature.data);
- signature.data = NULL;
if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) ==
GNUTLS_PK_RSA) {
diff --git a/tests/x509-extensions.c b/tests/x509-extensions.c
index d480f83646..a062c1ba8a 100644
--- a/tests/x509-extensions.c
+++ b/tests/x509-extensions.c
@@ -767,7 +767,6 @@ void doit(void)
}
}
gnutls_free(ext.data);
- ext.data = NULL;
}
if (debug)
diff --git a/tests/x509sign-verify-error.c b/tests/x509sign-verify-error.c
index 54bdc40abe..97c9666859 100644
--- a/tests/x509sign-verify-error.c
+++ b/tests/x509sign-verify-error.c
@@ -181,7 +181,6 @@ void doit(void)
fail("gnutls_privkey_sign_hash\n");
gnutls_free(signature2.data);
- signature2.data = NULL;
_gnutls_lib_simulate_error();
ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA1, 0,