[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 7/9] dh: fix two leaks in `ssh_get_pubkey_hash`
[Thread Prev] | [Thread Next]
- Subject: [PATCH 7/9] dh: fix two leaks in `ssh_get_pubkey_hash`
- From: Jon Simons <jon@xxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Fri, 25 May 2018 06:54:31 -0700
- To: libssh@xxxxxxxxxx
- Cc: Jon Simons <jon@xxxxxxxxxxxxx>
Fix two memory leaks in `ssh_get_pubkey_hash` for some error paths.
The local `h` buffer and `ctx` MD5 context each must be free'd for
the SSH_ERROR cases.
Introduced with 16217454d576511f37f39c3169963629f9d5082f.
Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
src/dh.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/dh.c b/src/dh.c
index 733c6e76..c3de5b99 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -1008,15 +1008,20 @@ int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash) {
}
rc = ssh_get_server_publickey(session, &pubkey);
- if (rc != 0) {
+ if (rc != SSH_OK) {
+ md5_final(h, ctx);
SAFE_FREE(h);
return SSH_ERROR;
}
rc = ssh_pki_export_pubkey_blob(pubkey, &pubkey_blob);
ssh_key_free(pubkey);
- if (rc != 0) {
+ if (rc != SSH_OK) {
+ md5_final(h, ctx);
+ SAFE_FREE(h);
+ return SSH_ERROR;
}
+
md5_update(ctx, ssh_string_data(pubkey_blob), ssh_string_len(pubkey_blob));
ssh_string_free(pubkey_blob);
md5_final(h, ctx);
--
2.14.1
| [PATCH 0/9] server: fix SSH_MSG_KEXDH_REPLY and revive pkd tests | Jon Simons <jon@xxxxxxxxxxxxx> |