aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJon Simons <jon@jonsimons.org>2019-01-29 16:32:36 -0500
committerAndreas Schneider <asn@cryptomilk.org>2019-01-30 13:22:59 +0100
commitc0102e6a5953789ccda93e8dea956e8cc8a046e9 (patch)
treeeb8565fa7f698fefa9c00d36e490b9b82383230d
parentccd73db90c9ff1c9e945939e78d735f97e525dae (diff)
downloadlibssh-c0102e6a5953789ccda93e8dea956e8cc8a046e9.tar.gz
libssh-c0102e6a5953789ccda93e8dea956e8cc8a046e9.tar.xz
libssh-c0102e6a5953789ccda93e8dea956e8cc8a046e9.zip
pki_crypto: plug pki_signature_from_blob leaks
In 3341f49a49a07cbce003e487ef24a2042e800f01, some direct assignments to OpenSSL structures was replaced with usage of getter and setter macros. Ensure to `bignum_safe_free` a couple of intermediate values in error paths for `pki_signature_from_blob` DSS and ECDSA cases. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--src/pki_crypto.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 40ffedfe..c27e8184 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1657,6 +1657,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
s = ssh_string_new(20);
if (s == NULL) {
+ bignum_safe_free(pr);
ssh_signature_free(sig);
return NULL;
}
@@ -1665,6 +1666,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ps = ssh_make_string_bn(s);
ssh_string_free(s);
if (ps == NULL) {
+ bignum_safe_free(pr);
ssh_signature_free(sig);
return NULL;
}
@@ -1673,6 +1675,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
* object */
rc = DSA_SIG_set0(sig->dsa_sig, pr, ps);
if (rc == 0) {
+ bignum_safe_free(ps);
+ bignum_safe_free(pr);
ssh_signature_free(sig);
return NULL;
}
@@ -1737,6 +1741,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
rlen = ssh_buffer_get_len(b);
ssh_buffer_free(b);
if (s == NULL) {
+ bignum_safe_free(pr);
ssh_signature_free(sig);
return NULL;
}
@@ -1749,6 +1754,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_string_burn(s);
ssh_string_free(s);
if (ps == NULL) {
+ bignum_safe_free(pr);
ssh_signature_free(sig);
return NULL;
}
@@ -1757,6 +1763,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
* ECDSA signature object */
rc = ECDSA_SIG_set0(sig->ecdsa_sig, pr, ps);
if (rc == 0) {
+ bignum_safe_free(ps);
+ bignum_safe_free(pr);
ssh_signature_free(sig);
return NULL;
}