On 5/25/2012 11:41 AM, Carter Browne wrote:

That's not the normal library behavior.

My typical design pattern is:

void *ptr = NULL;
/* do stuff which may in some branches allocate the pointer */
free(ptr);

If the library crashes on free(NULL), you're just making people like me
do this everywhere:

if (ptr != NULL) free (ptr);


That was just a snippet to explain why I take advantage of free(NULL) being a noop.

Any secure programming standard would also require that you set ptr to NULL as
soon as you free it.

I always do all the free()'s just before the function returns. Setting the local variable to NULL just before it disappears is redundant.

If you're worried about a function leaking secrets, I always zero an array with secrets before I free it.

Re-using already freed memory pointers is a common source of both bugs and
security holes.

In a real program, I don't reuse pointers. The saving of a few bytes is hardly worth the risk (as you said). It also makes the program harder to understand when variables are reused.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
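
The single-exit cleanup pattern discussed in this message, combined with zeroing secrets before free(), as an added example (not code from the original post or from OpenSSL). The names process and wipe and their parameters are hypothetical; wipe writes through a volatile pointer because a plain memset() right before free() may be optimized away as a dead store.

```c
#include <stdlib.h>
#include <string.h>

/* Zero a buffer through a volatile pointer so the stores are not dropped
 * as dead writes. Accepts NULL, mirroring free(NULL) being a no-op. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (v != NULL && n--)
        *v++ = 0;
}

/* Hypothetical worker: 'key' is allocated only when secret != NULL and
 * 'scratch' only when len > 0, so either may still be NULL at cleanup.
 * Returns 0 on success, -1 on allocation failure. */
int process(const char *secret, size_t len)
{
    char *key = NULL;               /* every pointer starts out NULL */
    unsigned char *scratch = NULL;
    size_t key_len = 0, i;
    int ret = -1;

    if (secret != NULL) {
        key_len = strlen(secret) + 1;
        key = malloc(key_len);
        if (key == NULL)
            goto done;
        memcpy(key, secret, key_len);
    }
    if (len > 0) {
        scratch = calloc(len, 1);
        if (scratch == NULL)
            goto done;              /* key may already hold the secret */
        for (i = 0; key != NULL && i < len; i++)
            scratch[i] = (unsigned char)key[i % key_len] ^ 0x5c;
    }
    ret = 0;

done:
    /* Single exit: wipe whatever was allocated, then free unconditionally.
     * No NULL checks are needed; both calls tolerate NULL. */
    wipe(key, key_len);
    wipe(scratch, len);
    free(key);
    free(scratch);
    return ret;
}
```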
