From f2380a53fb84d370eaf6e6c3473062c54c57fac7 Mon Sep 17 00:00:00 2001
From: Oliver Giles <ohw.giles@gmail.com>
Date: Mon, 1 Feb 2021 10:12:16 +1300
Subject: [PATCH] Prevent potential double-free in TNEFSubjectHandler

If TNEFSubjectHandler is called multiple times, but the last time
failed due to the PREALLOCCHECK, the subject.data member will be
a freed, but invalid pointer. To prevent a double-free next time
TNEFSubjectHandler is entered, set it to zero after freeing.

Resolves: #85
Reported-by: jasperla
---
 lib/ytnef.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/ytnef.c b/lib/ytnef.c
index b148719..b06c807 100644
--- a/lib/ytnef.c
+++ b/lib/ytnef.c
@@ -301,8 +301,10 @@ int TNEFFromHandler STD_ARGLIST {
 }
 // -----------------------------------------------------------------------------
 int TNEFSubjectHandler STD_ARGLIST {
-  if (TNEF->subject.data)
+  if (TNEF->subject.data) {
     free(TNEF->subject.data);
+    TNEF->subject.data = NULL;
+  }
 
   PREALLOCCHECK(size, 100);
   TNEF->subject.data = calloc(size+1, sizeof(BYTE));
='/guix/refs/?id=53346d033287112fb30263eb5a35cf7f2f5621a0'>refs</a><a class='active' href='/guix/log/gnu/image.scm'>log</a><a href='/guix/tree/gnu/image.scm?id=53346d033287112fb30263eb5a35cf7f2f5621a0'>tree</a><a href='/guix/commit/gnu/image.scm?id=53346d033287112fb30263eb5a35cf7f2f5621a0'>commit</a><a href='/guix/diff/gnu/image.scm?id=53346d033287112fb30263eb5a35cf7f2f5621a0'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/image.scm'>
<input type='hidden' name='id' value='53346d033287112fb30263eb5a35cf7f2f5621a0'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=53346d033287112fb30263eb5a35cf7f2f5621a0'>root</a>/<a href='/guix/log/gnu?id=53346d033287112fb30263eb5a35cf7f2f5621a0'>gnu</a>/<a href='/guix/log/gnu/image.scm?id=53346d033287112fb30263eb5a35cf7f2f5621a0'>image.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/image.scm?id=53346d033287112fb30263eb5a35cf7f2f5621a0&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-09-30 10:47:59 +0200'>2020-09-30</span></td><td><a href='/guix/commit/gnu/image.scm?id=99d036ce8402326352c8aa181d89c6d0c7ce85a8'>image: Add image-type support.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2020-06-24 20:24:34 +0200'>2020-06-24</span></td><td><a href='/guix/commit/gnu/image.scm?id=b904b59ce592c89dfb4675a8c06757afed6738a0'>image: Move hurd image definition to a dedicated file.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2020-06-13 15:20:52 +0200'>2020-06-13</span></td><td><a href='/guix/commit/gnu/image.scm?id=f292d4719dead6a615187f325fbc0bb0e99d10b4'>image: Add 'target' support.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2020-05-26 17:16:42 +0200'>2020-05-26</span></td><td><a href='/guix/commit/gnu/image.scm?id=bd3716f6fee127562935d86ff7f641197366769c'>image: Add partition file-system options support.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2020-05-26 13:06:37 +0200'>2020-05-26</span></td><td><a href='/guix/commit/gnu/image.scm?id=1dd7b87f101ce99b37be5c769904c1aa2f6a0615'>image: Set offset default to zero.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2020-05-26 09:57:06 +0200'>2020-05-26</span></td><td><a href='/guix/commit/gnu/image.scm?id=1b4fa7851b39f087a6433e8b5e22c479ca1da289'>image: Add partition offset support.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2020-05-05 16:13:53 +0200'>2020-05-05</span></td><td><a href='/guix/commit/gnu/image.scm?id=f19cf27c2b9ff92e2c0fd931ef7fde39c376adaa'>image: Add a new API.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>

Age	Commit message (Expand)	Author
2020-09-30	image: Add image-type support....	Mathieu Othacehe
2020-06-24	image: Move hurd image definition to a dedicated file....	Mathieu Othacehe
2020-06-13	image: Add 'target' support....	Mathieu Othacehe
2020-05-26	image: Add partition file-system options support....	Mathieu Othacehe
2020-05-26	image: Set offset default to zero....	Mathieu Othacehe
2020-05-26	image: Add partition offset support....	Mathieu Othacehe
2020-05-05	image: Add a new API....	Mathieu Othacehe