From 7af85d0fe0fdebb48928385e2afacbdac91bb420 Mon Sep 17 00:00:00 2001
From: Michael Vetter
Date: Mon, 8 Jul 2019 16:33:58 +0200
Subject: [PATCH] Fix double free in omemo_start_device_session_handle_bundle()

omemo_key_free() was called to free the key. It free the key->data too. But in same cases this was not set yet. So we need to set the data to NULL (or use calloc) at initialization so that omemo_key_free() only frees it if it was actually allocated.

Regards https://github.com/profanity-im/profanity/issues/1148
---
 src/xmpp/omemo.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/xmpp/omemo.c b/src/xmpp/omemo.c
index e44cc00e..99f4785d 100644
--- a/src/xmpp/omemo.c
+++ b/src/xmpp/omemo.c
@@ -165,6 +165,7 @@ omemo_start_device_session_handle_bundle(xmpp_stanza_t *const stanza, void *cons
 xmpp_stanza_t *prekey;
 for (prekey = xmpp_stanza_get_children(prekeys); prekey != NULL; prekey = xmpp_stanza_get_next(prekey)) {
 omemo_key_t *key = malloc(sizeof(omemo_key_t));
+ key->data = NULL;
 const char *prekey_id_text = xmpp_stanza_get_attribute(prekey, "preKeyId");
 if (!prekey_id_text) {
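Review bot: The added `key->data = NULL;` dereferences the result of the preceding `malloc(sizeof(omemo_key_t))` without a NULL check, so an allocation failure now crashes here instead of later. Since this loop is parsing prekeys out of a stanza received from a remote party, and the commit message itself notes calloc as an alternative, I would replace the two lines with `omemo_key_t *key = calloc(1, sizeof *key);` followed by `if (!key) { /* handle OOM the way the function's other error paths do */ }`; zeroing the whole struct also means any other fields of omemo_key_t (not visible in this hunk) are defined when the `if (!prekey_id_text)` bail-out below runs before they are filled in. This also presumes omemo_key_free() tolerates a NULL `data`, which the message asserts but the hunk does not show. omemo_start_device_session_handle_bundle() starts before and continues after this hunk.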