From 59ba3f18963c88aa46645437ed937f50a2d91730 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki
Date: Fri, 17 May 2019 11:41:51 +0200
Subject: [PATCH] dh-gex: Fix memory leak in DH GEX with OpenSSL

When using OpenSSL, the bignums generated during group exchange are duplicated and don't transfer the memory management responsibility to the back-end. The original generated bignums can be freed.

The leak was detectable by running:

$ valgrind --leak-check=full ./tests/pkd/pkd_hello -i1 \
 -t torture_pkd_openssh_rsa_rsa_diffie_hellman_group_exchange_sha256

Signed-off-by: Anderson Toshiyuki Sasaki
Reviewed-by: Andreas Schneider
---
 src/dh-gex.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/dh-gex.c b/src/dh-gex.c
index 26c4f9d8..994a5cbc 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -634,6 +634,12 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
                          SSH2_MSG_KEX_DH_GEX_GROUP,
                          modulus,
                          generator);
+
+#ifdef HAVE_LIBCRYPTO
+    bignum_safe_free(generator);
+    bignum_safe_free(modulus);
+#endif
+
     if (rc != SSH_OK) {
         ssh_set_error_invalid(session);
         goto error;
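Review bot: The added `#ifdef HAVE_LIBCRYPTO` block says nothing about why releasing `generator` and `modulus` is back-end specific, and the ownership rule the commit message gives (the OpenSSL pack copies the bignums, so the originals stay owned by this function; other back-ends take them over) belongs on the `#ifdef` so a later edit neither drops it nor mirrors it into the other branch, e.g. `/* With OpenSSL, ssh_buffer_pack() duplicates the bignums, so the originals are still ours to release; other back-ends take ownership of them. */`. The two frees sit before the `rc != SSH_OK` check, so the `error:` path, which lies outside the hunk, must not release `generator`/`modulus` a second time unless `bignum_safe_free()` resets the pointer to NULL — worth confirming, since a double free on a server-side key-exchange path, which runs before any client authentication, would be worse than the leak being fixed. The enclosing function ssh_packet_server_dhgex_request starts and ends outside the hunk.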