aniani/profanity
1
0
Fork 0
mirror of https://github.com/profanity-im/profanity.git synced 2024-12-04 14:46:46 -05:00
Code

Fix double free in omemo_start_device_session_handle_bundle()

Browse Source 
omemo_key_free() was called to free the key.
It free the key->data too. But in same cases this was not set  yet. So
we need to set the data to NULL (or use calloc) at initialization so
that omemo_key_free() only frees it if it was actually allocated.

Regards https://github.com/profanity-im/profanity/issues/1148
This commit is contained in:
Michael Vetter 2019-07-08 16:33:58 +02:00
parent b3bb62dcbd
commit 7af85d0fe0
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/xmpp/omemo.c
View File

@ -165,6 +165,7 @@ omemo_start_device_session_handle_bundle(xmpp_stanza_t *const stanza, void *cons
xmpp_stanza_t *prekey;
for (prekey = xmpp_stanza_get_children(prekeys); prekey != NULL; prekey = xmpp_stanza_get_next(prekey)) {
omemo_key_t *key = malloc(sizeof(omemo_key_t));
key->data = NULL;
const char *prekey_id_text = xmpp_stanza_get_attribute(prekey, "preKeyId");
if (!prekey_id_text) {