shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 18:04:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

Clean memory on failure paths

Browse Source 
Thanks oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28490

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2021-01-07 15:54:00 +01:00
parent 832abe7f4a
commit 95a4651d86
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/dh.c
View File

@@ -361,6 +361,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
rc = ssh_dh_keypair_set_keys(crypto->dh_ctx, DH_SERVER_KEYPAIR, rc = ssh_dh_keypair_set_keys(crypto->dh_ctx, DH_SERVER_KEYPAIR,
NULL, server_pubkey); NULL, server_pubkey);
if (rc != SSH_OK) { if (rc != SSH_OK) {
SSH_STRING_FREE(pubkey_blob);
bignum_safe_free(server_pubkey); bignum_safe_free(server_pubkey);
goto error; goto error;
} }

9
src/packet_cb.c
View File

@@ -129,6 +129,8 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
} }
rc = ssh_pki_import_signature_blob(sig_blob, server_key, &sig); rc = ssh_pki_import_signature_blob(sig_blob, server_key, &sig);
ssh_string_burn(sig_blob);
SSH_STRING_FREE(sig_blob);
if (rc != SSH_OK) { if (rc != SSH_OK) {
goto error; goto error;
} }
@@ -152,9 +154,7 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
server_key, server_key,
session->next_crypto->secret_hash, session->next_crypto->secret_hash,
session->next_crypto->digest_len); session->next_crypto->digest_len);
ssh_string_burn(sig_blob); SSH_SIGNATURE_FREE(sig);
SSH_STRING_FREE(sig_blob);
ssh_signature_free(sig);
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
goto error; goto error;
} }
@@ -170,6 +170,9 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
session->ssh_connection_callback(session); session->ssh_connection_callback(session);
return SSH_PACKET_USED; return SSH_PACKET_USED;
error: error:
SSH_SIGNATURE_FREE(sig);
ssh_string_burn(sig_blob);
SSH_STRING_FREE(sig_blob);
session->session_state = SSH_SESSION_STATE_ERROR; session->session_state = SSH_SESSION_STATE_ERROR;
return SSH_PACKET_USED; return SSH_PACKET_USED;
} }