diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2017-04-21 11:12:10 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-04-21 11:14:51 +0200 |
commit | ee13becf9c60b13064aaed38c2b2886db542569b (patch) | |
tree | 9543a8d19de9a322c7e1f389104c23c14e40a05e | |
parent | 95b2dbbeca4921b9a91bf431e5db499d848a3c6a (diff) | |
download | libssh-ee13becf9c60b13064aaed38c2b2886db542569b.tar.gz libssh-ee13becf9c60b13064aaed38c2b2886db542569b.tar.xz libssh-ee13becf9c60b13064aaed38c2b2886db542569b.zip |
messages: Do not leak memory if answered had been allocated previously
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1184
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c78c6c654222d8049d48ffb3f36f185e91f76789)
-rw-r--r-- | src/messages.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/messages.c b/src/messages.c index 757dea57..671a5c49 100644 --- a/src/messages.c +++ b/src/messages.c @@ -942,7 +942,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){ " mismatch: p=%u a=%u", session->kbdint->nprompts, nanswers); } session->kbdint->nanswers = nanswers; - session->kbdint->answers = malloc(nanswers * sizeof(char *)); + + SAFE_FREE(session->kbdint->answers); + session->kbdint->answers = calloc(1, nanswers * sizeof(char *)); if (session->kbdint->answers == NULL) { session->kbdint->nanswers = 0; ssh_set_error_oom(session); @@ -951,7 +953,6 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){ goto error; } - memset(session->kbdint->answers, 0, nanswers * sizeof(char *)); for (i = 0; i < nanswers; i++) { tmp = buffer_get_ssh_string(packet); |