pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaks

Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields. Fix a bug where the initial 'r' and 's' bignums were being overwritten with newly-allocated bignums, resulting in a memory leak. BUG: https://red.libssh.org/issues/175 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 4745d652b5)
2026-02-04 12:20:42 +09:00 · 2014-10-05 05:59:54 -07:00
parent 32a3cfe661
commit 5d75090d9f
3 changed files with 12 additions and 3 deletions
--- a/include/libssh/dh.h
+++ b/include/libssh/dh.h
@@ -49,7 +49,7 @@ int hashbufin_add_cookie(ssh_session session, unsigned char *cookie);
 int hashbufout_add_cookie(ssh_session session);
 int generate_session_keys(ssh_session session);
 bignum make_string_bn(ssh_string string);
+void make_string_bn_inplace(ssh_string string, bignum bnout);
 ssh_string make_bignum_string(bignum num);

-
 #endif /* DH_H_ */
--- a/src/dh.c
+++ b/src/dh.c
@@ -407,6 +407,15 @@ bignum make_string_bn(ssh_string string){
  return bn;
 }

+void make_string_bn_inplace(ssh_string string, bignum bnout) {
+  unsigned int len = ssh_string_len(string);
+#ifdef HAVE_LIBGCRYPT
+  #error "unsupported"
+#elif defined HAVE_LIBCRYPTO
+  bignum_bin2bn(string->data, len, bnout);
+#endif
+}
+
 ssh_string dh_get_e(ssh_session session) {
  return make_bignum_string(session->next_crypto->e);
 }
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1397,7 +1397,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
                ssh_print_hexa("r", ssh_string_data(r), ssh_string_len(r));
 #endif

-                sig->ecdsa_sig->r = make_string_bn(r);
+                make_string_bn_inplace(r, sig->ecdsa_sig->r);
                ssh_string_burn(r);
                ssh_string_free(r);
                if (sig->ecdsa_sig->r == NULL) {
@@ -1418,7 +1418,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
                ssh_print_hexa("s", ssh_string_data(s), ssh_string_len(s));
 #endif

-                sig->ecdsa_sig->s = make_string_bn(s);
+                make_string_bn_inplace(s, sig->ecdsa_sig->s);
                ssh_string_burn(s);
                ssh_string_free(s);
                if (sig->ecdsa_sig->s == NULL) {