shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 09:54:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

SSH-01-007: Fix possible double free of ssh strings

Browse Source 
Fixes T183

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Andreas Schneider
2019-10-28 12:00:07 +01:00
parent da81b99df1
commit 032f25aab3
1 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/pki_gcrypt.c
View File

@@ -1573,7 +1573,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
} }
rc = ssh_buffer_add_ssh_string(buffer, type_s); rc = ssh_buffer_add_ssh_string(buffer, type_s);
ssh_string_free(type_s); SSH_STRING_FREE(type_s);
if (rc < 0) { if (rc < 0) {
ssh_buffer_free(buffer); ssh_buffer_free(buffer);
return NULL; return NULL;
@@ -1631,13 +1631,13 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
} }
ssh_string_burn(p); ssh_string_burn(p);
ssh_string_free(p); SSH_STRING_FREE(p);
ssh_string_burn(g); ssh_string_burn(g);
ssh_string_free(g); SSH_STRING_FREE(g);
ssh_string_burn(q); ssh_string_burn(q);
ssh_string_free(q); SSH_STRING_FREE(q);
ssh_string_burn(n); ssh_string_burn(n);
ssh_string_free(n); SSH_STRING_FREE(n);
break; break;
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
@@ -1667,9 +1667,9 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
} }
ssh_string_burn(e); ssh_string_burn(e);
ssh_string_free(e); SSH_STRING_FREE(e);
ssh_string_burn(n); ssh_string_burn(n);
ssh_string_free(n); SSH_STRING_FREE(n);
break; break;
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
@@ -1690,7 +1690,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
} }
rc = ssh_buffer_add_ssh_string(buffer, type_s); rc = ssh_buffer_add_ssh_string(buffer, type_s);
ssh_string_free(type_s); SSH_STRING_FREE(type_s);
if (rc < 0) { if (rc < 0) {
ssh_buffer_free(buffer); ssh_buffer_free(buffer);
return NULL; return NULL;
@@ -1709,7 +1709,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
} }
ssh_string_burn(e); ssh_string_burn(e);
ssh_string_free(e); SSH_STRING_FREE(e);
e = NULL; e = NULL;
break; break;
#endif #endif
@@ -1735,17 +1735,17 @@ makestring:
fail: fail:
ssh_buffer_free(buffer); ssh_buffer_free(buffer);
ssh_string_burn(str); ssh_string_burn(str);
ssh_string_free(str); SSH_STRING_FREE(str);
ssh_string_burn(e); ssh_string_burn(e);
ssh_string_free(e); SSH_STRING_FREE(e);
ssh_string_burn(p); ssh_string_burn(p);
ssh_string_free(p); SSH_STRING_FREE(p);
ssh_string_burn(g); ssh_string_burn(g);
ssh_string_free(g); SSH_STRING_FREE(g);
ssh_string_burn(q); ssh_string_burn(q);
ssh_string_free(q); SSH_STRING_FREE(q);
ssh_string_burn(n); ssh_string_burn(n);
ssh_string_free(n); SSH_STRING_FREE(n);
return NULL; return NULL;
} }