shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-12 11:10:28 +09:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2025-8277: Fix memory leak of unused ephemeral key pair after client's wrong KEX guess

Browse Source 
Signed-off-by: Francesco Rollo <eferollo@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Francesco Rollo
2025-07-24 16:30:07 +03:00
committed by Jakub Jelen
parent 4310a696f2
commit ccff22d378
7 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/curve25519_crypto.c
View File

@@ -79,6 +79,12 @@ int ssh_curve25519_init(ssh_session session)
return SSH_ERROR;
}
/* Free any previously allocated privkey */
if (session->next_crypto->curve25519_privkey != NULL) {
EVP_PKEY_free(session->next_crypto->curve25519_privkey);
session->next_crypto->curve25519_privkey = NULL;
}
session->next_crypto->curve25519_privkey = pkey;
pkey = NULL;