From: Kp <kp@valhallalegends.com>
Date: Sun, 1 Jun 2008 17:59:42 +0000 (-0500)
Subject: Packet streams: avoid double free if silc_id_id2str fails.
X-Git-Tag: silc.server.1.1.13^2~3
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=3661cbc69ce24b5230c8602b24927eb841933b5e

Packet streams: avoid double free if silc_id_id2str fails.

In silc_packet_set_ids, the old ID is freed before silc_id_id2str is
called.  If silc_id_id2str fails, then silc_packet_set_ids returns
without resetting the ID pointer.  The pointer is then free, but not
NULL.  When the packet stream is destroyed, silc_packet_stream_destroy
will free the pointer again.  Reset the ID pointer to NULL immediately
after freeing it to prevent this.
---

diff --git a/lib/silccore/silcpacket.c b/lib/silccore/silcpacket.c
index df195f67..614dc894 100644
--- a/lib/silccore/silcpacket.c
+++ b/lib/silccore/silcpacket.c
@@ -1334,6 +1334,7 @@ SilcBool silc_packet_set_ids(SilcPacketStream stream,
     SILC_LOG_DEBUG(("Setting source ID to packet stream %p", stream));
 
     silc_free(stream->src_id);
+    stream->src_id = NULL;
     if (!silc_id_id2str(src_id, src_id_type, tmp, sizeof(tmp), &len)) {
       silc_mutex_unlock(stream->lock);
       return FALSE;
@@ -1351,6 +1352,7 @@ SilcBool silc_packet_set_ids(SilcPacketStream stream,
     SILC_LOG_DEBUG(("Setting destination ID to packet stream %p", stream));
 
     silc_free(stream->dst_id);
+    stream->dst_id = NULL;
     if (!silc_id_id2str(dst_id, dst_id_type, tmp, sizeof(tmp), &len)) {
       silc_mutex_unlock(stream->lock);
       return FALSE;