aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2020-02-11 11:52:33 +0100
committerAndreas Schneider <asn@cryptomilk.org>2020-04-09 09:35:40 +0200
commitec853bb86a2ceda262fccb6db82723687d671075 (patch)
tree840a192ebbc9d5d868cf52e98b8ecf37123594f7
parent7850307210590a9a1b03ab0273d29b3926a974c5 (diff)
downloadlibssh-ec853bb86a2ceda262fccb6db82723687d671075.tar.gz
libssh-ec853bb86a2ceda262fccb6db82723687d671075.tar.xz
libssh-ec853bb86a2ceda262fccb6db82723687d671075.zip
CVE-2020-1730: Fix a possible segfault when zeroing AES-CTR key
Fixes T213 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> (cherry picked from commit b36272eac1b36982598c10de7af0a501582de07a)
-rw-r--r--src/libcrypto.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/libcrypto.c b/src/libcrypto.c
index a7eadb47..daab2715 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -641,8 +641,12 @@ static void aes_ctr_encrypt(struct ssh_cipher_struct *cipher, void *in, void *ou
}
static void aes_ctr_cleanup(struct ssh_cipher_struct *cipher){
- explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
- SAFE_FREE(cipher->aes_key);
+ if (cipher != NULL) {
+ if (cipher->aes_key != NULL) {
+ explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
+ }
+ SAFE_FREE(cipher->aes_key);
+ }
}
#endif /* HAVE_OPENSSL_EVP_AES_CTR */