aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJon Simons <jon@jonsimons.org>2019-12-13 19:59:43 -0500
committerJon Simons <jon@jonsimons.org>2019-12-13 20:00:37 -0500
commitb94ecf18bd2bfe558586c461c092ad9d7cdea646 (patch)
treed0a88467aaf2f5acb07b6d6b676b17dca98d2697
parentd2a32ca6d3c40483a6d10340d3e11da9259e1379 (diff)
downloadlibssh-b94ecf18bd2bfe558586c461c092ad9d7cdea646.tar.gz
libssh-b94ecf18bd2bfe558586c461c092ad9d7cdea646.tar.xz
libssh-b94ecf18bd2bfe558586c461c092ad9d7cdea646.zip
curve25519: fix uninitialized arg to EVP_PKEY_derive
Ensure that the `keylen` argument as provided to `EVP_PKEY_derive` is initialized, otherwise depending on stack contents, the function call may fail. Fixes T205. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r--src/curve25519.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/src/curve25519.c b/src/curve25519.c
index 7a274b69..1d482a71 100644
--- a/src/curve25519.c
+++ b/src/curve25519.c
@@ -179,7 +179,7 @@ static int ssh_curve25519_build_k(ssh_session session)
#ifdef HAVE_OPENSSL_X25519
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL, *pubkey = NULL;
- size_t shared_key_len;
+ size_t shared_key_len = sizeof(k);
int rc;
pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_X25519, NULL,
@@ -240,9 +240,7 @@ static int ssh_curve25519_build_k(ssh_session session)
return SSH_ERROR;
}
- rc = EVP_PKEY_derive(pctx,
- k,
- &shared_key_len);
+ rc = EVP_PKEY_derive(pctx, k, &shared_key_len);
if (rc != 1) {
SSH_LOG(SSH_LOG_TRACE,
"Failed to derive X25519 shared secret: %s",