Use dealloc() wrapper to minimise risk of local use after free.

liblrzip.c

@@ -1,5 +1,5 @@
 /*
-   Copyright (C) 2012-2016 Con Kolivas
+   Copyright (C) 2012-2016,2018 Con Kolivas
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -155,10 +155,10 @@ void lrzip_free(Lrzip *lr)
 		return;
 	rzip_control_free(lr->control);
 	for (x = 0; x < lr->infilename_idx; x++)
-		free(lr->infilenames[x]);
-	free(lr->infilenames);
-	free(lr->infiles);
-	free(lr);
+		dealloc(lr->infilenames[x]);
+	dealloc(lr->infilenames);
+	dealloc(lr->infiles);
+	dealloc(lr);
 }
 
 Lrzip *lrzip_new(Lrzip_Mode mode)
@@ -354,7 +354,7 @@ void lrzip_files_clear(Lrzip *lr)
 {
 	if ((!lr) || (!lr->infile_buckets))
 		return;
-	free(lr->infiles);
+	dealloc(lr->infiles);
 	lr->infiles = NULL;
 }
 
@@ -403,7 +403,7 @@ bool lrzip_filename_del(Lrzip *lr, const char *file)
 			return true; /* not found */
 		if (strcmp(lr->infilenames[x], file))
 			continue; /* not a match */
-		free(lr->infilenames[x]);
+		dealloc(lr->infilenames[x]);
 		break;
 	}
 	/* update index */
@@ -427,16 +427,16 @@ void lrzip_filenames_clear(Lrzip *lr)
 	if ((!lr) || (!lr->infilename_buckets))
 		return;
 	for (x = 0; x < lr->infilename_idx; x++)
-		free(lr->infilenames[x]);
-	free(lr->infilenames);
+		dealloc(lr->infilenames[x]);
+	dealloc(lr->infilenames);
 	lr->infilenames = NULL;
 }
 
 void lrzip_suffix_set(Lrzip *lr, const char *suffix)
 {
 	if ((!lr) || (!suffix) || (!suffix[0]))
 		return;
-	free(lr->control->suffix);
+	dealloc(lr->control->suffix);
 	lr->control->suffix = strdup(suffix);
 }
 
@@ -454,7 +454,7 @@ void lrzip_outdir_set(Lrzip *lr, const char *dir)
 	size_t len;
 	if ((!lr) || (!dir) || (!dir[0]))
 		return;
-	free(lr->control->outdir);
+	dealloc(lr->control->outdir);
 	slash = strrchr(dir, '/');
 	if (slash && (slash[1] == 0)) {
 		lr->control->outdir = strdup(dir);
@@ -501,7 +501,7 @@ void lrzip_outfilename_set(Lrzip *lr, const char *file)
 		return;
 	if (lr->control->outname && file && (!strcmp(lr->control->outname, file)))
 		return;
-	free(lr->control->outname);
+	dealloc(lr->control->outname);
 	lr->control->outname = file ? strdup(file) : NULL;
 }
 

lrzip.c

@@ -1,5 +1,5 @@
 /*
-   Copyright (C) 2006-2016 Con Kolivas
+   Copyright (C) 2006-2016,2018 Con Kolivas
    Copyright (C) 2011 Peter Hyman
    Copyright (C) 1998-2003 Andrew Tridgell
 
@@ -438,7 +438,7 @@ int open_tmpinfile(rzip_control *control)
 
 	/* Try the current directory */
 	if (fd_in == -1) {
-		free(control->infile);
+		dealloc(control->infile);
 		control->infile = malloc(16);
 		if (unlikely(!control->infile))
 			fatal_return(("Failed to allocate infile name\n"), -1);
@@ -448,7 +448,7 @@ int open_tmpinfile(rzip_control *control)
 
 	/* Use /tmp if nothing is writeable so far */
 	if (fd_in == -1) {
-		free(control->infile);
+		dealloc(control->infile);
 		control->infile = malloc(20);
 		if (unlikely(!control->infile))
 			fatal_return(("Failed to allocate infile name\n"), -1);
@@ -543,7 +543,7 @@ static bool open_tmpoutbuf(rzip_control *control)
 void close_tmpoutbuf(rzip_control *control)
 {
 	control->flags &= ~FLAG_TMP_OUTBUF;
-	free(control->tmp_outbuf);
+	dealloc(control->tmp_outbuf);
 	if (!BITS32)
 		control->usable_ram = control->maxram += control->ramsize / 18;
 }
@@ -576,7 +576,7 @@ bool clear_tmpinfile(rzip_control *control)
 void close_tmpinbuf(rzip_control *control)
 {
 	control->flags &= ~FLAG_TMP_INBUF;
-	free(control->tmp_inbuf);
+	dealloc(control->tmp_inbuf);
 	if (!BITS32)
 		control->usable_ram = control->maxram += control->ramsize / 18;
 }
@@ -613,8 +613,8 @@ static bool get_hash(rzip_control *control, int make_hash)
 	control->hash = calloc(HASH_LEN, 1);
 	if (unlikely(!passphrase || !testphrase || !control->salt_pass || !control->hash)) {
 		fatal("Failed to calloc encrypt buffers in compress_file\n");
-		free(testphrase);
-		free(passphrase);
+		dealloc(testphrase);
+		dealloc(passphrase);
 		return false;
 	}
 	mlock(passphrase, PASS_LEN);
@@ -628,8 +628,8 @@ static bool get_hash(rzip_control *control, int make_hash)
 			fatal("Supplied password was null!");
 			munlock(passphrase, PASS_LEN);
 			munlock(testphrase, PASS_LEN);
-			free(testphrase);
-			free(passphrase);
+			dealloc(testphrase);
+			dealloc(passphrase);
 			release_hashes(control);
 			return false;
 		}
@@ -666,8 +666,8 @@ static bool get_hash(rzip_control *control, int make_hash)
 	memset(passphrase, 0, PASS_LEN);
 	munlock(passphrase, PASS_LEN);
 	munlock(testphrase, PASS_LEN);
-	free(testphrase);
-	free(passphrase);
+	dealloc(testphrase);
+	dealloc(passphrase);
 	return true;
 }
 
@@ -677,8 +677,8 @@ static void release_hashes(rzip_control *control)
 	memset(control->hash, 0, SALT_LEN);
 	munlock(control->salt_pass, PASS_LEN);
 	munlock(control->hash, HASH_LEN);
-	free(control->salt_pass);
-	free(control->hash);
+	dealloc(control->salt_pass);
+	dealloc(control->hash);
 }
 
 /*
@@ -877,7 +877,7 @@ bool decompress_file(rzip_control *control)
 	if (ENCRYPT)
 		release_hashes(control);
 
-	free(control->outfile);
+	dealloc(control->outfile);
 	return true;
 }
 
@@ -1155,7 +1155,7 @@ bool get_fileinfo(rzip_control *control)
 			fatal_return(("Failed to close fd_in in get_fileinfo\n"), false);
 
 out:
-	free(control->outfile);
+	dealloc(control->outfile);
 	return true;
 error:
 	if (!STDIN && ! IS_FROM_FILE) close(fd_in);
@@ -1290,7 +1290,7 @@ bool compress_file(rzip_control *control)
 			fatal_return(("Failed to unlink %s\n", control->infile), false);
 	}
 
-	free(control->outfile);
+	dealloc(control->outfile);
 	return true;
 error:
 	if (! IS_FROM_FILE && STDIN && (fd_in > 0))

lrzip_private.h

@@ -1,5 +1,5 @@
 /*
-   Copyright (C) 2006-2016 Con Kolivas
+   Copyright (C) 2006-2016,2018 Con Kolivas
    Copyright (C) 2011 Peter Hyman
    Copyright (C) 1998-2003 Andrew Tridgell
 
@@ -266,6 +266,11 @@ typedef sem_t cksem_t;
 # define PAGE_SIZE (4096)
 #endif
 
+#define dealloc(ptr) do { \
+	free(ptr); \
+	ptr = NULL; \
+} while (0)
+
 /* Determine how many times to hash the password when encrypting, based on
  * the date such that we increase the number of loops according to Moore's
  * law relative to when the data is encrypted. It is then stored as a two

runzip.c

@@ -1,5 +1,5 @@
 /*
-   Copyright (C) 2006-2016 Con Kolivas
+   Copyright (C) 2006-2016,2018 Con Kolivas
    Copyright (C) 1998-2003 Andrew Tridgell
 
    This program is free software; you can redistribute it and/or modify
@@ -161,12 +161,12 @@ static i64 unzip_literal(rzip_control *control, void *ss, i64 len, uint32 *cksum
 
 	stream_read = read_stream(control, ss, 1, buf, len);
 	if (unlikely(stream_read == -1 )) {
-		free(buf);
+		dealloc(buf);
 		fatal_return(("Failed to read_stream in unzip_literal\n"), -1);
 	}
 
 	if (unlikely(write_1g(control, buf, (size_t)stream_read) != (ssize_t)stream_read)) {
-		free(buf);
+		dealloc(buf);
 		fatal_return(("Failed to write literal buffer of size %lld\n", stream_read), -1);
 	}
 
@@ -175,7 +175,7 @@ static i64 unzip_literal(rzip_control *control, void *ss, i64 len, uint32 *cksum
 	if (!NO_MD5)
 		md5_process_bytes(buf, stream_read, &control->ctx);
 
-	free(buf);
+	dealloc(buf);
 	return stream_read;
 }
 
@@ -221,11 +221,11 @@ static i64 unzip_match(rzip_control *control, void *ss, i64 len, uint32 *cksum,
 		n = MIN(len, offset);
 
 		if (unlikely(read_fdhist(control, off_buf, (size_t)n) != (ssize_t)n)) {
-			free(buf);
+			dealloc(buf);
 			fatal_return(("Failed to read %d bytes in unzip_match\n", n), -1);
 		}
 		if (unlikely(write_1g(control, off_buf, (size_t)n) != (ssize_t)n)) {
-			free(buf);
+			dealloc(buf);
 			fatal_return(("Failed to write %d bytes in unzip_match\n", n), -1);
 		}
 
@@ -239,7 +239,7 @@ static i64 unzip_match(rzip_control *control, void *ss, i64 len, uint32 *cksum,
 		total += n;
 	}
 
-	free(buf);
+	dealloc(buf);
 
 	return total;
 }