heimdal: Fix CID 745516 Use after free

If the loop is exited normally, i.e. we did not find anything proper
within DH_NUM_TRIES, we try to BN_free a second time.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Nov 14 19:17:06 CET 2013 on sn-devel-104

diff --git a/source4/heimdal/lib/hcrypto/dh-ltm.c b/source4/heimdal/lib/hcrypto/dh-ltm.c
index 6af43cf044ee4483a61c057e9e4751fb7b9654ed..f4e03139ff25a122ebfe2206992213d271b92843 100644 (file)
--- a/source4/heimdal/lib/hcrypto/dh-ltm.c
+++ b/source4/heimdal/lib/hcrypto/dh-ltm.c
@@ -108,8 +108,10 @@ ltm_dh_generate_key(DH *dh)
                return 0;
            }
        }
-       if (dh->pub_key)
+       if (dh->pub_key) {
            BN_free(dh->pub_key);
+           dh->pub_key = NULL;
+       }
 
        mp_init_multi(&pub, &priv_key, &g, &p, NULL);