Hi, Eric, On 11/02/2017 12:25 AM, Eric Biggers wrote:
When setting the secret with the software Diffie-Hellman implementation, if allocating 'g' failed (e.g. if it was longer than MAX_EXTERN_MPI_BITS), then 'p' was freed twice: once immediately, and once later when the crypto_kpp tfm was destroyed. Fix it by using dh_free_ctx() in the error paths, as that sets the pointers to NULL.
Other solution would be to have just an one-line patch that sets p to NULL after freeing it. The benefit of just setting p to NULL and not using dh_free_ctx() is that you'll spare some cpu cycles. If g fails, g and a will already be NULL, so freeing them and set them to NULL is redundant. However, if you decide to always use dh_free_ctx(), you'll have to get rid of dh_clear_params(), because it will be used just in dh_free_ctx(). You can copy dh_clear_params() body to dh_free_ctx(). Cheers, ta