From 367688c05988bc7257d7e1801c5acf17ef7e854d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20R=C3=BChsen?= Date: Tue, 12 Feb 2019 15:09:11 +0100 Subject: [PATCH 1/3] Automatically NULLify after gnutls_free() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This method prevents direct use-after-free and double-free issues. Signed-off-by: Tim Rühsen CVE: CVE-2019-3829 Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/commit/d39778e43d1674cb3ab3685157fd299816d535c0] Signed-off-by: Dan Tran --- lib/includes/gnutls/gnutls.h.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 49990b5f5..fa77fd0df 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -2132,6 +2132,10 @@ extern _SYM_EXPORT gnutls_realloc_function gnutls_realloc; extern _SYM_EXPORT gnutls_calloc_function gnutls_calloc; extern _SYM_EXPORT gnutls_free_function gnutls_free; +#ifdef GNUTLS_INTERNAL_BUILD +#define gnutls_free(a) gnutls_free((void *) (a)), a=NULL +#endif + extern _SYM_EXPORT char *(*gnutls_strdup) (const char *); /* a variant of memset that doesn't get optimized out */ -- 2.22.0.vfs.1.1.57.gbaf16c8