heimdal: Fix CID 745516 Use after free

If the loop is exited normally, i.e. we did not find anything proper within DH_NUM_TRIES, we try to BN_free a second time. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Nov 14 19:17:06 CET 2013 on sn-devel-104
author: Volker Lendecke <vl@samba.org> 2013-11-11 10:21:54 +0000
committer: David Disseldorp <ddiss@samba.org> 2013-11-14 19:17:06 +0100
commit: 0d5f217cfe03df7258be37adf0f20067a8e30fa8 (patch)
tree: 0d0f1833b028d9fed385059dbef5ff34dcce4eee /source4/heimdal
parent: 671a2fa3f8f35484f9d0635566b081887c8ffbe8 (diff)
download: samba-0d5f217cfe03df7258be37adf0f20067a8e30fa8.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/source4/heimdal/lib/hcrypto/dh-ltm.c b/source4/heimdal/lib/hcrypto/dh-ltm.c
index 6af43cf044e..f4e03139ff2 100644
--- a/source4/heimdal/lib/hcrypto/dh-ltm.c
+++ b/source4/heimdal/lib/hcrypto/dh-ltm.c
@@ -108,8 +108,10 @@ ltm_dh_generate_key(DH *dh)
 		return 0;
 	    }
 	}
-	if (dh->pub_key)
+	if (dh->pub_key) {
 	    BN_free(dh->pub_key);
+	    dh->pub_key = NULL;
+	}
 
 	mp_init_multi(&pub, &priv_key, &g, &p, NULL);
author	Volker Lendecke <vl@samba.org>	2013-11-11 10:21:54 +0000
committer	David Disseldorp <ddiss@samba.org>	2013-11-14 19:17:06 +0100
commit	0d5f217cfe03df7258be37adf0f20067a8e30fa8 (patch)
tree	0d0f1833b028d9fed385059dbef5ff34dcce4eee /source4/heimdal
parent	671a2fa3f8f35484f9d0635566b081887c8ffbe8 (diff)
download	samba-0d5f217cfe03df7258be37adf0f20067a8e30fa8.tar.gz