On Sun, Nov 26, 2023 at 07:09:45PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:

> > BTW: maybe a more "defensive" programming style should be used:
> > reset the pointer after it has been freed:
> >
> >     tlsa_free(t); t = NULL;

This is too tedious to consistently do by hand...

> I fully support this idea, and am surprised that the OpenSSL
> maintainers have been resisting similar suggestions for quite some
> time.

I don't recall seeing much evidence of active "resistance" on this
front. This sort of comment is IMHO not particularly productive.

> > Or something like:
> >
> >     #define XYZ_FREE(ptr) do { \
> >         if ((ptr) != NULL) { \
> >             xyz_free(ptr); \
> >             (ptr) = NULL; \
> >         } \
> >     } while (0)

This is also tedious to keep instantiating.

There is of course precedent for "free and zero", which is, for example,
pervasive IIRC in the GSSAPI, where many of the free functions take a
pointer to a pointer, rather than a pointer, and zero the pointer after
freeing it.

The approach I would take for this in OpenSSL could be:

    #define OPENSSL_forget(p) do { OPENSSL_free(p); p = NULL; } while (0)
    #define OPENSSL_forget_with(p, f) do { f(p); p = NULL; } while (0)

One might then write:

    OPENSSL_forget_with(t, tlsa_free);

and the same macro can be used in the rest of the code as appropriate.

-- 
    Viktor.
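An added illustration of the two "free and zero" styles discussed in this thread (the free-and-NULL macro and the GSSAPI-style pointer-to-pointer free); this is example code written for this page, not OpenSSL's or Viktor's. The `tlsa_t` type, `tlsa_new()`, the free-counter and the `FORGET_WITH` name are constructed stand-ins, and plain libc `free()` plays the role of `OPENSSL_free()`.

```c
#include <stdlib.h>

/* Constructed stand-in for the TLSA record type named in the thread. */
typedef struct tlsa_st {
    unsigned char usage, selector, mtype;
    unsigned char *data;
} tlsa_t;

static int tlsa_free_calls; /* counts real frees, to prove the 2nd call is a no-op */

/* Like OPENSSL_free(), tlsa_free(NULL) is a harmless no-op. */
static void tlsa_free(tlsa_t *t)
{
    if (t == NULL)
        return;
    tlsa_free_calls++;
    free(t->data);
    free(t);
}

/* The macro proposed in the message; the argument must be an lvalue. */
#define FORGET_WITH(p, f) do { f(p); (p) = NULL; } while (0)

/* GSSAPI-style variant also mentioned: a pointer-to-pointer clears the
 * caller's variable, which a macro expanded inside a callee cannot reach. */
static void tlsa_free_pp(tlsa_t **pt)
{
    if (pt != NULL)
        FORGET_WITH(*pt, tlsa_free);
}

static tlsa_t *tlsa_new(void)
{
    tlsa_t *t = calloc(1, sizeof(*t));
    if (t != NULL)
        t->data = calloc(32, 1);
    return t;
}

/* Frees the same variable twice through the macro: returns the number of
 * real frees (1, not 2) and sets *cleared to 1 if the pointer was NULLed. */
int forget_twice(int *cleared)
{
    tlsa_t *t = tlsa_new();
    tlsa_free_calls = 0;
    FORGET_WITH(t, tlsa_free);  /* frees and nulls t */
    *cleared = (t == NULL);
    FORGET_WITH(t, tlsa_free);  /* double free without the NULL; now a no-op */
    return tlsa_free_calls;
}
```

The second `FORGET_WITH` only stays harmless because the free function tolerates NULL, as `OPENSSL_free()` does; a free routine without that property would need the `if ((ptr) != NULL)` guard from the `XYZ_FREE` macro quoted above.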