CVE-2025-8277: ecdh: Free previously allocated pubkeys

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit c9d95ab0c7)
2026-02-04 12:20:42 +09:00 · 2025-08-06 11:10:38 +02:00
parent 266174a6d3
commit 8e4d67aa9e
2 changed files with 3 additions and 1 deletions
--- a/src/ecdh_crypto.c
+++ b/src/ecdh_crypto.c
@@ -230,6 +230,7 @@ int ssh_client_ecdh_init(ssh_session session)
        return SSH_ERROR;
    }

+    ssh_string_free(session->next_crypto->ecdh_client_pubkey);
    session->next_crypto->ecdh_client_pubkey = client_pubkey;

    /* register the packet callbacks */
--- a/src/ecdh_gcrypt.c
+++ b/src/ecdh_gcrypt.c
@@ -106,9 +106,10 @@ int ssh_client_ecdh_init(ssh_session session)
        gcry_sexp_release(session->next_crypto->ecdh_privkey);
        session->next_crypto->ecdh_privkey = NULL;
    }
-
    session->next_crypto->ecdh_privkey = key;
    key = NULL;
+
+    SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
    session->next_crypto->ecdh_client_pubkey = client_pubkey;
    client_pubkey = NULL;