shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-28 07:13:54 +09:00
Code Issues Packages Projects Releases Wiki Activity

gss-kex: Fix memory leaks in ssh_gssapi_check_client_config

Browse Source 
Upon unsuccessful alloc of the gssapi context, the function
would return early without freeing the supported OID set.

With opts->gss_client_identity enabled, the function would
not free the client_id allocated by gss_import_name.

Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Pavol Žáčik
2026-02-13 11:34:32 +01:00
committed by Jakub Jelen
parent 47e9b5536a
commit 0bff33c790
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/gssapi.c
View File

@@ -731,7 +731,8 @@ int ssh_gssapi_check_client_config(ssh_session session)
gssapi = calloc(1, sizeof(struct ssh_gssapi_struct)); gssapi = calloc(1, sizeof(struct ssh_gssapi_struct));
if (gssapi == NULL) { if (gssapi == NULL) {
ssh_set_error_oom(session); ssh_set_error_oom(session);
return SSH_ERROR; ret = SSH_ERROR;
break;
} }
gssapi->server_creds = GSS_C_NO_CREDENTIAL; gssapi->server_creds = GSS_C_NO_CREDENTIAL;
gssapi->client_creds = GSS_C_NO_CREDENTIAL; gssapi->client_creds = GSS_C_NO_CREDENTIAL;
@@ -820,6 +821,11 @@ int ssh_gssapi_check_client_config(ssh_session session)
gss_release_buffer(&min_stat, &output_token); gss_release_buffer(&min_stat, &output_token);
gss_delete_sec_context(&min_stat, &gssapi->ctx, GSS_C_NO_BUFFER); gss_delete_sec_context(&min_stat, &gssapi->ctx, GSS_C_NO_BUFFER);
if (client_id != GSS_C_NO_NAME) {
gss_release_name(&min_stat, &client_id);
client_id = GSS_C_NO_NAME;
}
SAFE_FREE(gssapi->canonic_user); SAFE_FREE(gssapi->canonic_user);
SAFE_FREE(gssapi); SAFE_FREE(gssapi);