authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2019-06-07 19:08:53 +0200
committerAndreas Schneider <asn@cryptomilk.org>2019-06-12 12:37:43 +0200
commit01f404021823a067e3681eb2bccaaa5b72a67e01 (patch)
tree7ee1eae876ecec54476451f82c2982ce211caa66
parent765691195394a0daa8215beb7899b5653247cc08 (diff)
dh: Avoid segmentation fault in GEX if fallback to known moduli
Make ssh_fallback_group() duplicate the modulus and generator. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--src/dh.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/src/dh.c b/src/dh.c
index 10830441..6c698139 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -571,13 +571,21 @@ int ssh_fallback_group(uint32_t pmax,
*generator = NULL;
if (pmax < 3072) {
- *modulus = ssh_dh_group14;
+ bignum_dup(ssh_dh_group14, modulus);
} else if (pmax < 6144) {
- *modulus = ssh_dh_group16;
+ bignum_dup(ssh_dh_group16, modulus);
} else {
- *modulus = ssh_dh_group18;
+ bignum_dup(ssh_dh_group18, modulus);
+ }
+ if (*modulus == NULL) {
+ return SSH_ERROR;
+ }
+
+ bignum_dup(ssh_dh_generator, generator);
+ if (*generator == NULL) {
+ bignum_safe_free((*modulus));
+ return SSH_ERROR;
}
- *generator = ssh_dh_generator;
return SSH_OK;
}
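Review bot: The `if (*modulus == NULL)` check detects a failed duplication only if `*modulus` is NULL when `bignum_dup()` runs; the hunk shows `*generator = NULL;` but no matching reset for `*modulus`, and the start of `ssh_fallback_group()` is outside the hunk, so that should be confirmed. If `bignum_dup()` copies into an existing destination when one is supplied (its definition is not visible here), a caller passing a non-NULL `*modulus` would get no failure signal and would have its own bignum released by `bignum_safe_free((*modulus))` on the generator error path. The change also moves ownership of both values to the caller, which deserves a comment above the function such as `/* On SSH_OK, *modulus and *generator are fresh copies owned by the caller, to be released with bignum_safe_free(). */`, so that call sites neither leak them nor keep treating them as the shared static groups.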