Packet streams: avoid double free if silc_id_id2str fails.

In silc_packet_set_ids, the old ID is freed before silc_id_id2str is
called.  If silc_id_id2str fails, then silc_packet_set_ids returns
without resetting the ID pointer.  The pointer is then free, but not
NULL.  When the packet stream is destroyed, silc_packet_stream_destroy
will free the pointer again.  Reset the ID pointer to NULL immediately
after freeing it to prevent this.

diff --git a/lib/silccore/silcpacket.c b/lib/silccore/silcpacket.c
index df195f678075c20fb495b276977965221cebfbd0..614dc894650ce0e334051a508d1c052cef6e0d44 100644 (file)
--- a/lib/silccore/silcpacket.c
+++ b/lib/silccore/silcpacket.c
@@ -1334,6 +1334,7 @@ SilcBool silc_packet_set_ids(SilcPacketStream stream,
     SILC_LOG_DEBUG(("Setting source ID to packet stream %p", stream));
 
     silc_free(stream->src_id);
+    stream->src_id = NULL;
     if (!silc_id_id2str(src_id, src_id_type, tmp, sizeof(tmp), &len)) {
       silc_mutex_unlock(stream->lock);
       return FALSE;
@@ -1351,6 +1352,7 @@ SilcBool silc_packet_set_ids(SilcPacketStream stream,
     SILC_LOG_DEBUG(("Setting destination ID to packet stream %p", stream));
 
     silc_free(stream->dst_id);
+    stream->dst_id = NULL;
     if (!silc_id_id2str(dst_id, dst_id_type, tmp, sizeof(tmp), &len)) {
       silc_mutex_unlock(stream->lock);
       return FALSE;