From cb9a00951f30fa48574f0dd3ab04fb62975ed3dd Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Tue, 29 Mar 2022 23:47:30 +0800
Subject: [PATCH] Use buf_burn_free() instead of two calls

---
 bignum.c         |  2 +-
 buffer.c         |  6 ++++--
 buffer.h         |  2 +-
 common-kex.c     |  6 ++----
 common-runopts.c |  3 +--
 common-session.c |  3 +--
 dropbearkey.c    |  3 +--
 gensignkey.c     |  3 +--
 keyimport.c      | 18 ++++++------------
 9 files changed, 18 insertions(+), 28 deletions(-)

diff --git a/bignum.c b/bignum.c
index 0d969d3..97e90a7 100644
--- a/bignum.c
+++ b/bignum.c
@@ -100,5 +100,5 @@ void hash_process_mp(const struct ltc_hash_descriptor *hash_desc,
 								plus header + some leeway*/
 	buf_putmpint(buf, mp);
 	hash_desc->process(hs, buf->data, buf->len);
-	buf_free(buf);
+	buf_burn_free(buf);
 }
diff --git a/buffer.c b/buffer.c
index fee41d6..a3ed426 100644
--- a/buffer.c
+++ b/buffer.c
@@ -55,11 +55,13 @@ void buf_free(buffer* buf) {
 	m_free(buf);
 }
 
-/* overwrite the contents of the buffer to clear it */
-void buf_burn(const buffer* buf) {
+/* overwrite the contents of the buffer then free it */
+void buf_burn_free(buffer* buf) {
 	m_burn(buf->data, buf->size);
+	m_free(buf);
 }
 
+
 /* resize a buffer, pos and len will be repositioned if required when
  * downsizing */
 buffer* buf_resize(buffer *buf, unsigned int newsize) {
diff --git a/buffer.h b/buffer.h
index 5b55414..279e9c4 100644
--- a/buffer.h
+++ b/buffer.h
@@ -44,7 +44,7 @@ buffer * buf_new(unsigned int size);
 /* Possibly returns a new buffer*, like realloc() */
 buffer * buf_resize(buffer *buf, unsigned int newsize);
 void buf_free(buffer* buf);
-void buf_burn(const buffer* buf);
+void buf_burn_free(buffer* buf);
 buffer* buf_newcopy(const buffer* buf);
 void buf_setlen(buffer* buf, unsigned int len);
 void buf_incrlen(buffer* buf, unsigned int incr);
diff --git a/common-kex.c b/common-kex.c
index 41384d0..6aaec29 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -306,8 +306,7 @@ static void gen_new_keys() {
 	mp_clear(ses.dh_K);
 	m_free(ses.dh_K);
 	hash_desc->process(&hs, ses.hash->data, ses.hash->len);
-	buf_burn(ses.hash);
-	buf_free(ses.hash);
+	buf_burn_free(ses.hash);
 	ses.hash = NULL;
 
 	if (IS_DROPBEAR_CLIENT) {
@@ -803,8 +802,7 @@ void finish_kexhashbuf(void) {
 	}
 #endif
 
-	buf_burn(ses.kexhashbuf);
-	buf_free(ses.kexhashbuf);
+	buf_burn_free(ses.kexhashbuf);
 	m_burn(&hs, sizeof(hash_state));
 	ses.kexhashbuf = NULL;
 	
diff --git a/common-runopts.c b/common-runopts.c
index 97e5b2e..8473856 100644
--- a/common-runopts.c
+++ b/common-runopts.c
@@ -57,8 +57,7 @@ int readhostkey(const char * filename, sign_key * hostkey,
 	ret = DROPBEAR_SUCCESS;
 out:
 
-	buf_burn(buf);
-	buf_free(buf);
+	buf_burn_free(buf);
 	return ret;
 }
 
diff --git a/common-session.c b/common-session.c
index 5b61920..5fb33a6 100644
--- a/common-session.c
+++ b/common-session.c
@@ -285,8 +285,7 @@ static void cleanup_buf(buffer **buf) {
 	if (!*buf) {
 		return;
 	}
-	buf_burn(*buf);
-	buf_free(*buf);
+	buf_burn_free(*buf);
 	*buf = NULL;
 }
 
diff --git a/dropbearkey.c b/dropbearkey.c
index 6d38901..183e58b 100644
--- a/dropbearkey.c
+++ b/dropbearkey.c
@@ -309,8 +309,7 @@ static int printpubfile(const char* filename) {
 	err = DROPBEAR_SUCCESS;
 
 out:
-	buf_burn(buf);
-	buf_free(buf);
+	buf_burn_free(buf);
 	buf = NULL;
 	if (key) {
 		sign_key_free(key);
diff --git a/gensignkey.c b/gensignkey.c
index 4be3d7d..cfe0a80 100644
--- a/gensignkey.c
+++ b/gensignkey.c
@@ -181,8 +181,7 @@ int signkey_generate(enum signkey_type keytype, int bits, const char* filename,
 
 out:
 	if (buf) {
-		buf_burn(buf);
-		buf_free(buf);
+		buf_burn_free(buf);
 	}
 	
 	if (fn_temp) {
diff --git a/keyimport.c b/keyimport.c
index 5bb2e50..31d06e2 100644
--- a/keyimport.c
+++ b/keyimport.c
@@ -504,16 +504,14 @@ static struct openssh_key *load_openssh_key(const char *filename)
 	}
 
 	if (buf) {
-		buf_burn(buf);
-		buf_free(buf);
+		buf_burn_free(buf);
 	}
 	m_burn(buffer, sizeof(buffer));
 	return ret;
 
 error:
 	if (buf) {
-		buf_burn(buf);
-		buf_free(buf);
+		buf_burn_free(buf);
 	}
 	m_burn(buffer, sizeof(buffer));
 	if (ret) {
@@ -898,8 +896,7 @@ static sign_key *openssh_read(const char *filename, const char * UNUSED(passphra
 
 	error:
 	if (blobbuf) {
-		buf_burn(blobbuf);
-		buf_free(blobbuf);
+		buf_burn_free(blobbuf);
 	}
 	m_burn(key->keyblob, key->keyblob_size);
 	m_free(key->keyblob);
@@ -1070,8 +1067,7 @@ static int openssh_write(const char *filename, sign_key *key,
 		outblob = (unsigned char*)m_malloc(outlen);
 		memcpy(outblob, buf->data, buf->len);
 
-		buf_burn(buf);
-		buf_free(buf);
+		buf_burn_free(buf);
 		buf = NULL;
 
 		header = "-----BEGIN OPENSSH PRIVATE KEY-----\n";
@@ -1133,12 +1129,10 @@ static int openssh_write(const char *filename, sign_key *key,
 		m_free(outblob);
 	}
 	if (keyblob) {
-		buf_burn(keyblob);
-		buf_free(keyblob);
+		buf_burn_free(keyblob);
 	}
 	if (extrablob) {
-		buf_burn(extrablob);
-		buf_free(extrablob);
+		buf_burn_free(extrablob);
 	}
 	return ret;
 }