authorAndreas Schneider <asn@cryptomilk.org>2017-04-21 11:12:10 +0200
committerAndreas Schneider <asn@cryptomilk.org>2017-04-21 11:14:51 +0200
commitee13becf9c60b13064aaed38c2b2886db542569b (patch)
tree9543a8d19de9a322c7e1f389104c23c14e40a05e
parent95b2dbbeca4921b9a91bf431e5db499d848a3c6a (diff)
messages: Do not leak memory if answered had been allocated previously
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1184 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit c78c6c654222d8049d48ffb3f36f185e91f76789)
-rw-r--r--src/messages.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/messages.c b/src/messages.c
index 757dea57..671a5c49 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -942,7 +942,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
" mismatch: p=%u a=%u", session->kbdint->nprompts, nanswers);
}
session->kbdint->nanswers = nanswers;
- session->kbdint->answers = malloc(nanswers * sizeof(char *));
+
+ SAFE_FREE(session->kbdint->answers);
+ session->kbdint->answers = calloc(1, nanswers * sizeof(char *));
if (session->kbdint->answers == NULL) {
session->kbdint->nanswers = 0;
ssh_set_error_oom(session);
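Review bot: `SAFE_FREE(session->kbdint->answers)` releases only the pointer array, so the strings stored by an earlier response still leak unless they are freed somewhere outside this hunk; and because `nanswers` is overwritten on the line just above, the old element count is already gone when the free runs. The elements should be released (and, since keyboard-interactive answers are credentials, preferably wiped) before the count is updated, assuming the old `nanswers` still matches the old array. Separately, `calloc(1, nanswers * sizeof(char *))` does the multiplication itself and so loses calloc's overflow check on a count read from the packet; `calloc(nanswers, sizeof(char *))` keeps it. The callback's body starts and ends outside the hunk.

```c
/* … unchanged: nprompts/nanswers mismatch warning … */
if (session->kbdint->answers != NULL) {
    /* Free the previous response's strings while the old count is still known. */
    for (i = 0; i < session->kbdint->nanswers; i++) {
        SAFE_FREE(session->kbdint->answers[i]);
    }
    SAFE_FREE(session->kbdint->answers);
}
session->kbdint->nanswers = nanswers;
session->kbdint->answers = calloc(nanswers, sizeof(char *));
/* … unchanged: NULL check and OOM handling … */
```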
@@ -951,7 +953,6 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
goto error;
}
- memset(session->kbdint->answers, 0, nanswers * sizeof(char *));
for (i = 0; i < nanswers; i++) {
tmp = buffer_get_ssh_string(packet);