aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2013-11-09 13:20:13 +0100
committerAndreas Schneider <asn@cryptomilk.org>2013-11-09 13:20:13 +0100
commit6d7bbe63fe68dd2bbc17d488ccc59d40cb9d8ba5 (patch)
treef3ccd5ad902f16a0d9b2dd64d4f2db600d24caf8
parent387e26c837425801c86902d295797f08b2e2d8b3 (diff)
downloadlibssh-6d7bbe63fe68dd2bbc17d488ccc59d40cb9d8ba5.tar.gz
libssh-6d7bbe63fe68dd2bbc17d488ccc59d40cb9d8ba5.tar.xz
libssh-6d7bbe63fe68dd2bbc17d488ccc59d40cb9d8ba5.zip
dh: Avoid possible memory leaks with realloc.
-rw-r--r--src/dh.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/src/dh.c b/src/dh.c
index 5ebbc91e..c9e20f97 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -869,6 +869,7 @@ int generate_session_keys(ssh_session session) {
ssh_string k_string = NULL;
ssh_mac_ctx ctx = NULL;
struct ssh_crypto_struct *crypto = session->next_crypto;
+ unsigned char *tmp;
int rc = -1;
k_string = make_bignum_string(crypto->k);
@@ -924,9 +925,12 @@ int generate_session_keys(ssh_session session) {
/* some ciphers need more than DIGEST_LEN bytes of input key */
if (crypto->out_cipher->keysize > crypto->digest_len * 8) {
- crypto->encryptkey = realloc(crypto->encryptkey, crypto->digest_len * 2);
- if(crypto->encryptkey == NULL)
- goto error;
+ tmp = realloc(crypto->encryptkey, crypto->digest_len * 2);
+ if (tmp == NULL) {
+ goto error;
+ }
+ crypto->encryptkey = tmp;
+
ctx = ssh_mac_ctx_init(crypto->mac_type);
if (ctx == NULL) {
goto error;
@@ -939,7 +943,12 @@ int generate_session_keys(ssh_session session) {
}
if (crypto->in_cipher->keysize > crypto->digest_len * 8) {
- crypto->decryptkey = realloc(crypto->decryptkey, crypto->digest_len *2);
+ tmp = realloc(crypto->decryptkey, crypto->digest_len *2);
+ if (tmp == NULL) {
+ goto error;
+ }
+ tmp = crypto->decryptkey;
+
if(crypto->decryptkey == NULL)
goto error;
ctx = ssh_mac_ctx_init(crypto->mac_type);