Fix potential double free of ratchet identity key
libsignal does this properly, so there wouldn't be a real double free, but it will `abort()`. Instead of destroying the identity key on disconnect, already destroy it after it has been put into the libsignal 'ratchet identity key pair'.

In the case where the key pair is initially generated, the public and private parts are only `ref()`'ed once in [0]. In the case where the key pair is read from the disk, the public and private parts are `ref()`'ed twice, first when decoded in [1] resp. [2] and a second time in [3].

When `omemo_on_disconnect()` is called we were `unref()`'ing the parts twice, before this patch. First in [4], a second time in [5] resp. [6]. Now we do the second `unref()` already when loading.

[0] `signal_protocol_key_helper_generate_identity_key_pair()`
[1] `curve_decode_point()`
[2] `curve_decode_private_point()`
[3] `ratchet_identity_key_pair_create()`
[4] `ratchet_identity_key_pair_destroy()`
[5] `ec_private_key_destroy()`
[6] `ec_public_key_destroy()`

Signed-off-by: Steffen Jaeckel <[email protected]>
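The reference-count bookkeeping the commit message describes, as an added illustration that is not code from this project or from libsignal: a hypothetical `mock_key`/`mock_pair` model in which `pair_create()` takes its own reference on both parts (as the message says `ratchet_identity_key_pair_create()` does) and `pair_destroy()` drops them. `scenario()` replays both the generated and the loaded-from-disk paths, once with the old disconnect sequence (pair destroy followed by destroying the parts) and once with the patched sequence (drop the decode references right after creating the pair, so disconnect only destroys the pair). Where libsignal would `abort()` on an `unref()` of a key whose last reference is already gone, the mock records it and returns -1; it returns 1 if a key leaks and 0 when the sequence is clean. The names, the refcount-1-on-creation convention and the "keys are freed when the count hits zero" model are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a libsignal-style refcounted key (ec_public_key /
 * ec_private_key). Added illustration, not libsignal's implementation. */
typedef struct {
    int refcount;
    int freed;   /* set when the last reference is dropped (real code would free()) */
} mock_key;

/* Records an unref() on a key with no live reference. libsignal would abort()
 * here; the mock just remembers it so scenario() can report it. */
static int g_bad_unref = 0;

static mock_key *key_new(void) {       /* like decode/generate: creator holds 1 ref */
    mock_key *k = calloc(1, sizeof *k);
    if (!k) { perror("calloc"); exit(1); }
    k->refcount = 1;
    return k;
}

static void key_ref(mock_key *k) { k->refcount++; }

static void key_unref(mock_key *k) {
    if (k->freed || k->refcount <= 0) { g_bad_unref = 1; return; }
    if (--k->refcount == 0) k->freed = 1;   /* storage kept so the caller can inspect it */
}

typedef struct { mock_key *pub; mock_key *priv; } mock_pair;

/* Like ratchet_identity_key_pair_create(): the pair takes its own reference on
 * both parts, so the caller still owns the reference it came in with. */
static mock_pair *pair_create(mock_key *pub, mock_key *priv) {
    mock_pair *p = malloc(sizeof *p);
    if (!p) { perror("malloc"); exit(1); }
    key_ref(pub);
    key_ref(priv);
    p->pub = pub;
    p->priv = priv;
    return p;
}

/* Like ratchet_identity_key_pair_destroy(): drops only the pair's references. */
static void pair_destroy(mock_pair *p) {
    key_unref(p->pub);
    key_unref(p->priv);
    free(p);
}

/* Replays one path through connect/disconnect.
 *   loaded  = 0: keys generated, the pair ends up holding the only reference.
 *   loaded  = 1: keys decoded from disk, caller owns a reference and the pair another.
 *   patched = 0: disconnect destroys the pair and then the parts (old behaviour).
 *   patched = 1: loading drops the decode references right after pair_create(),
 *                and disconnect destroys only the pair (the fix).
 * Returns -1 if an unref() hit a dead key (libsignal would abort), 1 on a leak, 0 if clean. */
static int scenario(int loaded, int patched) {
    g_bad_unref = 0;
    mock_key *pub = key_new(), *priv = key_new();   /* refcount 1 each */
    mock_pair *pair = pair_create(pub, priv);        /* refcount 2 each */

    if (!loaded) {
        /* generated: the helper hands its keys over and keeps no reference of its own */
        key_unref(pub);
        key_unref(priv);
    } else if (patched) {
        /* loaded, after the fix: drop the decode references immediately */
        key_unref(pub);
        key_unref(priv);
    }

    /* omemo_on_disconnect() */
    pair_destroy(pair);
    if (!patched) {            /* old: also destroy the parts, regardless of the path taken */
        key_unref(priv);
        key_unref(pub);
    }

    int leaked = (!pub->freed || !priv->freed);
    free(pub);
    free(priv);
    return g_bad_unref ? -1 : leaked;
}

int main(void) {
    printf("generated, old disconnect: %d\n", scenario(0, 0));  /* -1: abort() in libsignal */
    printf("loaded,    old disconnect: %d\n", scenario(1, 0));  /*  0: happened to balance   */
    printf("generated, patched:        %d\n", scenario(0, 1));  /*  0                        */
    printf("loaded,    patched:        %d\n", scenario(1, 1));  /*  0                        */
    return 0;
}
```

The point the model makes visible is that the old disconnect sequence was only correct for the loaded path, where two references happened to exist; on the generated path the second `unref()` lands on a key whose count is already zero. Dropping the decode references at load time makes both paths leave exactly one reference, owned by the pair, so a single `pair_destroy()` on disconnect is right in either case.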