diff options
author | rrelyea%redhat.com <devnull@localhost> | 2013-01-25 18:02:53 +0000 |
---|---|---|
committer | rrelyea%redhat.com <devnull@localhost> | 2013-01-25 18:02:53 +0000 |
commit | 33bb867c3a09b94ad3f4e03316fb31aff89a9fa7 (patch) | |
tree | 3b6484350da0b70c802812433ede13030ba62afb | |
parent | 248926c5a39d88a51fc48c2e2b9286b91aea9eb8 (diff) | |
download | nss-hg-33bb867c3a09b94ad3f4e03316fb31aff89a9fa7.tar.gz |
Bug 373108 Fix a double free on the error patch.
r=rsleevi
-rw-r--r-- | security/nss/lib/freebl/rijndael.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/security/nss/lib/freebl/rijndael.c b/security/nss/lib/freebl/rijndael.c index e43a7346c..f7fcb0edb 100644 --- a/security/nss/lib/freebl/rijndael.c +++ b/security/nss/lib/freebl/rijndael.c @@ -1110,10 +1110,13 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, baseencrypt = PR_TRUE; break; } + /* make sure enough is initializes so we can safely call Destroy */ + cx->worker_cx = NULL; + cx->destroy = NULL; rv = aes_InitContext(cx, key, keysize, iv, basemode, baseencrypt, blocksize); if (rv != SECSuccess) { - AES_DestroyContext(cx, PR_TRUE); + AES_DestroyContext(cx, PR_FALSE); return rv; } @@ -1160,7 +1163,7 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, /* no, just destroy the existing context */ cx->destroy = NULL; /* paranoia, though you can see a dozen lines */ /* below that this isn't necessary */ - AES_DestroyContext(cx, PR_TRUE); + AES_DestroyContext(cx, PR_FALSE); return SECFailure; } return SECSuccess; @@ -1196,9 +1199,10 @@ AES_CreateContext(const unsigned char *key, const unsigned char *iv, void AES_DestroyContext(AESContext *cx, PRBool freeit) { -/* memset(cx, 0, sizeof *cx); */ if (cx->worker_cx && cx->destroy) { (*cx->destroy)(cx->worker_cx, PR_TRUE); + cx->worker_cx = NULL; + cx->destroy = NULL; } if (freeit) PORT_Free(cx); |