shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 20:30:38 +09:00
Code Issues Packages Projects Releases Wiki Activity

Clean memory on failure paths

Browse Source 
Thanks oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28490

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 95a4651d86)
This commit is contained in:
Jakub Jelen
2021-01-07 15:54:00 +01:00
parent 435f45291d
commit 08f96dcca6
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/dh.c
View File

@@ -361,6 +361,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
rc = ssh_dh_keypair_set_keys(crypto->dh_ctx, DH_SERVER_KEYPAIR,
NULL, server_pubkey);
if (rc != SSH_OK) {
SSH_STRING_FREE(pubkey_blob);
bignum_safe_free(server_pubkey);
goto error;
}

9
src/packet_cb.c
View File

@@ -129,6 +129,8 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
}
rc = ssh_pki_import_signature_blob(sig_blob, server_key, &sig);
ssh_string_burn(sig_blob);
SSH_STRING_FREE(sig_blob);
if (rc != SSH_OK) {
goto error;
}
@@ -152,9 +154,7 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
server_key,
session->next_crypto->secret_hash,
session->next_crypto->digest_len);
ssh_string_burn(sig_blob);
SSH_STRING_FREE(sig_blob);
ssh_signature_free(sig);
SSH_SIGNATURE_FREE(sig);
if (rc == SSH_ERROR) {
goto error;
}
@@ -170,6 +170,9 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
session->ssh_connection_callback(session);
return SSH_PACKET_USED;
error:
SSH_SIGNATURE_FREE(sig);
ssh_string_burn(sig_blob);
SSH_STRING_FREE(sig_blob);
session->session_state = SSH_SESSION_STATE_ERROR;
return SSH_PACKET_USED;
}