diff options
| author | Andreas Schneider <asn@cryptomilk.org> | 2012-10-05 14:33:29 +0200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2012-11-14 17:11:03 +0100 |
| commit | 1471f2c67a23602898e783c97b65aea9cc6356a4 (patch) | |
| tree | b7713e36a71a5387b7882ac78e11799e162f6692 | |
| parent | b485463197cd220aa654e7fc34a18d68af37e6e7 (diff) | |
| download | libssh-1471f2c67a23602898e783c97b65aea9cc6356a4.tar.gz libssh-1471f2c67a23602898e783c97b65aea9cc6356a4.tar.xz libssh-1471f2c67a23602898e783c97b65aea9cc6356a4.zip | |
CVE-2012-4559: Ensure we don't free blob or request twice.
| -rw-r--r-- | src/agent.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/agent.c b/src/agent.c index c3d13c81..5b0dba05 100644 --- a/src/agent.c +++ b/src/agent.c @@ -439,6 +439,7 @@ ssh_string agent_sign_data(struct ssh_session_struct *session, } ssh_string_free(blob); + blob = NULL; reply = ssh_buffer_new(); if (reply == NULL) { @@ -451,6 +452,7 @@ ssh_string agent_sign_data(struct ssh_session_struct *session, return NULL; } ssh_buffer_free(request); + request = NULL; /* check if reply is valid */ if (buffer_get_u8(reply, (uint8_t *) &type) != sizeof(uint8_t)) { |