diff options
author | Jakub Jelen <jjelen@redhat.com> | 2021-01-15 19:23:53 +0100 |
---|---|---|
committer | Jakub Jelen <jjelen@redhat.com> | 2021-08-17 15:46:53 +0200 |
commit | a2a79ec68a7795d884ab61d836d7e8ed9ecc2adc (patch) | |
tree | 81f15d72e7ac81041d40ddd8101ee2ef41b7c51f | |
parent | 08f96dcca66810e11e20c2d2224017191eb48955 (diff) | |
download | libssh-a2a79ec68a7795d884ab61d836d7e8ed9ecc2adc.tar.gz libssh-a2a79ec68a7795d884ab61d836d7e8ed9ecc2adc.tar.xz libssh-a2a79ec68a7795d884ab61d836d7e8ed9ecc2adc.zip |
dh-gex: Avoid memory leaks
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29611
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ae809b3cbbfde6010cb6cb5e84660af128a8b16a)
-rw-r--r-- | src/dh-gex.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/dh-gex.c b/src/dh-gex.c index 9bf0546a..88a97140 100644 --- a/src/dh-gex.c +++ b/src/dh-gex.c @@ -263,6 +263,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply) bignum_safe_free(server_pubkey); goto error; } + /* The ownership was passed to the crypto structure */ + server_pubkey = NULL; rc = ssh_dh_import_next_pubkey_blob(session, pubkey_blob); SSH_STRING_FREE(pubkey_blob); @@ -293,6 +295,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply) return SSH_PACKET_USED; error: + SSH_STRING_FREE(pubkey_blob); ssh_dh_cleanup(session->next_crypto); session->session_state = SSH_SESSION_STATE_ERROR; |