shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-10 10:26:47 +09:00
Code Issues Packages Projects Releases Wiki Activity

messages: Do not leak memory if answered had been allocated previously

Browse Source 
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1184

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c78c6c6542)
This commit is contained in:
Andreas Schneider
2017-04-21 11:12:10 +02:00
parent 95b2dbbeca
commit ee13becf9c
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/messages.c
View File

@@ -942,7 +942,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
" mismatch: p=%u a=%u", session->kbdint->nprompts, nanswers); " mismatch: p=%u a=%u", session->kbdint->nprompts, nanswers);
} }
session->kbdint->nanswers = nanswers; session->kbdint->nanswers = nanswers;
session->kbdint->answers = malloc(nanswers * sizeof(char *));
SAFE_FREE(session->kbdint->answers);
session->kbdint->answers = calloc(1, nanswers * sizeof(char *));
if (session->kbdint->answers == NULL) { if (session->kbdint->answers == NULL) {
session->kbdint->nanswers = 0; session->kbdint->nanswers = 0;
ssh_set_error_oom(session); ssh_set_error_oom(session);
@@ -951,7 +953,6 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
goto error; goto error;
} }
memset(session->kbdint->answers, 0, nanswers * sizeof(char *));
for (i = 0; i < nanswers; i++) { for (i = 0; i < nanswers; i++) {
tmp = buffer_get_ssh_string(packet); tmp = buffer_get_ssh_string(packet);