diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2012-10-05 15:07:17 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2012-11-14 17:11:03 +0100 |
commit | d63f19c3000f8bc699ba99814bec9d7ddf6a5b20 (patch) | |
tree | f3affb5cae680130e7e7ab4cf0572e1039788136 | |
parent | 455da60846d68c508f7fed5b381097b364647425 (diff) | |
download | libssh-d63f19c3000f8bc699ba99814bec9d7ddf6a5b20.tar.gz libssh-d63f19c3000f8bc699ba99814bec9d7ddf6a5b20.tar.xz libssh-d63f19c3000f8bc699ba99814bec9d7ddf6a5b20.zip |
CVE-2012-4561: Fix possible free's on invalid pointers.
-rw-r--r-- | src/keys.c | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -88,6 +88,7 @@ ssh_public_key publickey_make_dss(ssh_session session, ssh_buffer buffer) { ssh_buffer_free(buffer); return NULL; } + ZERO_STRUCTP(key); key->type = SSH_KEYTYPE_DSS; key->type_c = ssh_type_to_char(key->type); @@ -173,6 +174,7 @@ ssh_public_key publickey_make_rsa(ssh_session session, ssh_buffer buffer, ssh_buffer_free(buffer); return NULL; } + ZERO_STRUCTP(key); key->type = type; key->type_c = ssh_type_to_char(key->type); @@ -897,6 +899,7 @@ SIGNATURE *signature_from_string(ssh_session session, ssh_string signature, ssh_set_error(session, SSH_FATAL, "Not enough space"); return NULL; } + ZERO_STRUCTP(sign); tmpbuf = ssh_buffer_new(); if (tmpbuf == NULL) { @@ -1280,6 +1283,7 @@ ssh_string ssh_do_sign(ssh_session session, ssh_buffer sigbuf, if (sign == NULL) { return NULL; } + ZERO_STRUCTP(sign); switch(privatekey->type) { case SSH_KEYTYPE_DSS: @@ -1436,6 +1440,7 @@ ssh_string ssh_sign_session_id(ssh_session session, ssh_private_key privatekey) if (sign == NULL) { return NULL; } + ZERO_STRUCTP(sign); switch(privatekey->type) { case SSH_KEYTYPE_DSS: |