argon2.c: goto fail leads to free(null)

P-H-C / phc-winner-argon2

The password hash Argon2, winner of PHC

Other

4.78k stars 406 forks source link

argon2.c: goto fail leads to free(null) #283

Closed yabaud closed 4 years ago

yabaud commented 4 years ago

When reaching: fail: free(ctx.salt); free(ctx.out); free(desired_result); free() argument may be null. Example: when coming from l.289 ret = decode_string(&ctx, encoded, type); desired_result is null.

Suggested fix: test for argument non-nullity before calling free().

sneves commented 4 years ago

NULL is a valid input to free, according to the C standard.