authorJakub Jelen <jjelen@redhat.com>2019-09-20 13:13:07 +0200
committerJakub Jelen <jjelen@redhat.com>2019-09-24 16:04:52 +0200
commitaac682f60ea8d76b8555eff2e78025725c7630ea (patch)
tree0938bf0d0223100eb7fd54db9ada09396b94bb1b
parent2f05243a4a7b4729c0e2d9a92b11c54d561551d2 (diff)
dh-gex: Correctly free modulus and generator with openssl
Fixes T176 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
-rw-r--r--src/dh-gex.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/src/dh-gex.c b/src/dh-gex.c
index bbd59c75..16ecd1be 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -107,7 +107,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
int blen;
bignum pmin1 = NULL, one = NULL;
bignum_CTX ctx = bignum_ctx_new();
- bignum modulus, generator;
+ bignum modulus = NULL, generator = NULL;
const_bignum pubkey;
(void) type;
(void) user;
@@ -179,14 +179,18 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
bignum_ctx_free(ctx);
ctx = NULL;
- /* all checks passed, set parameters */
+ /* all checks passed, set parameters (the BNs are copied in openssl backend) */
rc = ssh_dh_set_parameters(session->next_crypto->dh_ctx,
modulus, generator);
if (rc != SSH_OK) {
- bignum_safe_free(modulus);
- bignum_safe_free(generator);
goto error;
}
+#ifdef HAVE_LIBCRYPTO
+ bignum_safe_free(modulus);
+ bignum_safe_free(generator);
+#endif
+ modulus = NULL;
+ generator = NULL;
/* compute and send DH public parameter */
rc = ssh_dh_keypair_gen_keys(session->next_crypto->dh_ctx,
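Review bot: The new comment states only half of the ownership rule for `modulus` and `generator`: it says the OpenSSL backend copies the BNs, but not that the other backends presumably keep the caller's pointers, which is the only reason the `#ifdef HAVE_LIBCRYPTO` free followed by the unconditional `modulus = NULL; generator = NULL;` avoids both a leak and a double free. I would state that directly above the `#ifdef`, e.g. `/* libcrypto copies the BNs, so free ours; other backends take ownership, so only drop the pointers */`. The `rc != SSH_OK` branch now relies on the `error:` label (third hunk) to free both values, which is safe only if `ssh_dh_set_parameters()` never stores either pointer in `dh_ctx` before returning an error on the non-libcrypto backends; that function is not visible here, so this should be confirmed, otherwise the context would be left holding freed bignums. The callback body starts and ends outside this hunk.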
@@ -221,6 +225,8 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
return SSH_PACKET_USED;
error:
+ bignum_safe_free(modulus);
+ bignum_safe_free(generator);
bignum_safe_free(one);
bignum_safe_free(pmin1);
if(!bignum_ctx_invalid(ctx)) {
@@ -642,8 +648,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
generator);
#ifdef HAVE_LIBCRYPTO
- bignum_safe_free(generator);
- bignum_safe_free(modulus);
+ bignum_safe_free(generator);
+ bignum_safe_free(modulus);
#endif
if (rc != SSH_OK) {