[PATCH] libgcrypt: fix cipher handle leaks on setkey error paths
- Subject: [PATCH] libgcrypt: fix cipher handle leaks on setkey error paths
- From: Jussi Kivilinna <jussi.kivilinna@xxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sat, 7 Dec 2019 19:23:43 +0200
- To: libssh@xxxxxxxxxx
- Cc: Jussi Kivilinna <jussi.kivilinna@xxxxxx>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@xxxxxx>
---
 src/libgcrypt.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index 72f6661c..f826fc5b 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -301,10 +301,12 @@ static int blowfish_set_key(struct ssh_cipher_struct *cipher, void *key, void *I
 return -1;
 }
 if (gcry_cipher_setkey(cipher->key[0], key, 16)) {
+ gcry_cipher_close(cipher->key[0]);
 SAFE_FREE(cipher->key);
 return -1;
 }
 if (gcry_cipher_setiv(cipher->key[0], IV, 8)) {
+ gcry_cipher_close(cipher->key[0]);
 SAFE_FREE(cipher->key);
 return -1;
 }
@@ -358,12 +360,13 @@ static int aes_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
 break;
 }
 if (gcry_cipher_setkey(cipher->key[0], key, cipher->keysize / 8)) {
+ gcry_cipher_close(cipher->key[0]);
 SAFE_FREE(cipher->key);
 return -1;
 }
 if(mode == GCRY_CIPHER_MODE_CBC){
 if (gcry_cipher_setiv(cipher->key[0], IV, 16)) {
-
+ gcry_cipher_close(cipher->key[0]);
 SAFE_FREE(cipher->key);
 return -1;
 }
@@ -374,6 +377,7 @@ static int aes_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
 memcpy(cipher->last_iv, IV, AES_GCM_IVLEN);
 } else {
 if(gcry_cipher_setctr(cipher->key[0],IV,16)){
+ gcry_cipher_close(cipher->key[0]);
 SAFE_FREE(cipher->key);
 return -1;
 }
@@ -564,10 +568,12 @@ static int des3_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
 return -1;
 }
 if (gcry_cipher_setkey(cipher->key[0], key, 24)) {
+ gcry_cipher_close(cipher->key[0]);
 SAFE_FREE(cipher->key);
 return -1;
 }
 if (gcry_cipher_setiv(cipher->key[0], IV, 8)) {
+ gcry_cipher_close(cipher->key[0]);
 SAFE_FREE(cipher->key);
 return -1;
 }
-- 
2.20.1
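Review bot: The close/free/return sequence is now written out by hand in both failure branches of blowfish_set_key, and again in the aes_set_key and des3_set_key hunks (seven copies in this patch), so the next error path added to any of these functions can omit `gcry_cipher_close()` again. A single exit label per function would keep the release in one place: each branch becomes `goto error;` and the label holds `gcry_cipher_close(cipher->key[0]); SAFE_FREE(cipher->key); return -1;`. The start of blowfish_set_key, including the branch that ends in the first `return -1;` shown, is outside the hunk, so whether that earlier path also holds an open handle cannot be checked from here.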
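Review bot: A comment is missing on why the handle has to be closed before `SAFE_FREE(cipher->key)` in the `gcry_cipher_setiv` branch of aes_set_key. The same applies to the `gcry_cipher_setctr` branch in the next hunk and to the setiv branches of blowfish_set_key and des3_set_key. By that point `gcry_cipher_setkey` has already succeeded, so what would be left behind is a keyed context, and the libgcrypt manual describes `gcry_cipher_close` as also zeroising the sensitive data tied to the handle. I would add `/* key[0] is already keyed here: close it so libgcrypt wipes and releases the context; SAFE_FREE appears to free only the array */` above the first close in each function. aes_set_key starts and ends outside this hunk.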