arpa2 / libarpa2service

Libraries enabling services to support the ARPA2 identity infrastructure
ISC License

let a2id_free set its argument to NULL #2

Closed timkuijsten closed 6 years ago

timkuijsten commented 6 years ago

Using assert(3) to catch cases where freed objects are inadvertently used should be done in all but the a2id_free function itself. This way errors can be caught in a secure way in all the other functions, instead of only in the a2id_free function. Although no longer detectable in a2id_free, accepting and returning NULL is idiomatic with free(3) and not a security issue because the behaviour avoids a double free.

Triggered by reading the changelog of Tor 0.3.3.9.
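
The idiom proposed in this issue, as an added example that is not part of the original comment and not libarpa2service code: a free function that accepts NULL and clears the caller's pointer, while every other function asserts on its argument. The `demo_id` type and all `demo_*` function names are hypothetical stand-ins, not the library's API.

```c
#include <assert.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an identity object; not the libarpa2service type. */
struct demo_id {
	char *localpart;
	char *domain;
};

/* Copy a string with malloc; returns NULL on allocation failure. */
static char *demo_dup(const char *s)
{
	size_t n = strlen(s) + 1;
	char *p = malloc(n);
	if (p != NULL)
		memcpy(p, s, n);
	return p;
}

/* Free *idp and set the caller's pointer to NULL. NULL and pointer-to-NULL are
 * accepted, as with free(3), so a repeated call is a no-op, not a double free. */
void demo_id_free(struct demo_id **idp)
{
	if (idp == NULL || *idp == NULL)
		return;
	free((*idp)->localpart);
	free((*idp)->domain);
	free(*idp);
	*idp = NULL;
}

struct demo_id *demo_id_new(const char *localpart, const char *domain)
{
	struct demo_id *id = calloc(1, sizeof(*id));
	if (id == NULL)
		return NULL;
	id->localpart = demo_dup(localpart);
	id->domain = demo_dup(domain);
	if (id->localpart == NULL || id->domain == NULL)
		demo_id_free(&id); /* frees the partial object; id becomes NULL */
	return id;
}

/* Every other function asserts: use after demo_id_free aborts on the NULL
 * pointer instead of reading freed memory. */
size_t demo_id_len(const struct demo_id *id)
{
	assert(id != NULL);
	return strlen(id->localpart) + 1 + strlen(id->domain);
}
```

The assert(3) checks disappear when the code is compiled with `NDEBUG` defined, so builds that rely on them must leave it undefined.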