authorJakub Jelen <jjelen@redhat.com>2021-01-15 19:23:53 +0100
committerJakub Jelen <jjelen@redhat.com>2021-08-17 15:46:53 +0200
commita2a79ec68a7795d884ab61d836d7e8ed9ecc2adc (patch)
tree81f15d72e7ac81041d40ddd8101ee2ef41b7c51f
parent08f96dcca66810e11e20c2d2224017191eb48955 (diff)
dh-gex: Avoid memory leaks
Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29611 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit ae809b3cbbfde6010cb6cb5e84660af128a8b16a)
-rw-r--r--src/dh-gex.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/dh-gex.c b/src/dh-gex.c
index 9bf0546a..88a97140 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -263,6 +263,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
bignum_safe_free(server_pubkey);
goto error;
}
+ /* The ownership was passed to the crypto structure */
+ server_pubkey = NULL;
rc = ssh_dh_import_next_pubkey_blob(session, pubkey_blob);
SSH_STRING_FREE(pubkey_blob);
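Review bot: Setting `server_pubkey = NULL` after the transfer only pays off if the cleanup path frees the pointer, and the `error:` label visible in the second hunk does not. With the pointer now cleared once the crypto structure owns it, `bignum_safe_free(server_pubkey);` could go under `error:` and the hand-written free in the failure branch above be dropped, so every `goto error` releases the bignum exactly once. That relies on `server_pubkey` being initialised to NULL at its declaration, which sits outside this hunk along with the start of the function. The comment would also be clearer if it named the call that took ownership, presumably the one whose failure branch opens this hunk.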
@@ -293,6 +295,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
return SSH_PACKET_USED;
error:
+ SSH_STRING_FREE(pubkey_blob);
ssh_dh_cleanup(session->next_crypto);
session->session_state = SSH_SESSION_STATE_ERROR;
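Review bot: The new `SSH_STRING_FREE(pubkey_blob);` under `error:` runs on every `goto error`, including any taken before the blob is unpacked and the one that can follow the free in the first hunk. It is safe only if `pubkey_blob` is declared as `ssh_string pubkey_blob = NULL;` and `SSH_STRING_FREE` resets its argument to NULL after freeing; neither is visible here, so both are worth confirming, because this callback parses a server-supplied packet and a stale pointer at this label would be a double free. A short comment such as `/* pubkey_blob is NULL if already freed or never set */` above the line would record the invariant.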