aboutsummaryrefslogtreecommitdiff
path: root/src/agent.c
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2013-06-19 12:24:00 +0200
committerAndreas Schneider <asn@cryptomilk.org>2013-06-19 12:24:00 +0200
commitaed9d7a84da4fb4c9e0934475655811416684902 (patch)
tree8edabd143d0c082c87df7e6e5a7cbec5cd870f2a /src/agent.c
parentf0a362fdbe525cd938efaf0ff9afab3903e82cdf (diff)
downloadlibssh-aed9d7a84da4fb4c9e0934475655811416684902.tar.gz
libssh-aed9d7a84da4fb4c9e0934475655811416684902.tar.xz
libssh-aed9d7a84da4fb4c9e0934475655811416684902.zip
agent: Fix a possible memory leak.
Diffstat (limited to 'src/agent.c')
-rw-r--r--src/agent.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/src/agent.c b/src/agent.c
index 897641b1..b962a8e3 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -271,6 +271,7 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
unsigned int type = 0;
unsigned int c1 = 0, c2 = 0;
uint8_t buf[4] = {0};
+ int rc;
switch (session->version) {
case 1:
@@ -312,16 +313,26 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
ssh_buffer_free(request);
/* get message type and verify the answer */
- buffer_get_u8(reply, (uint8_t *) &type);
+ rc = buffer_get_u8(reply, (uint8_t *) &type);
+ if (rc != sizeof(uint8_t)) {
+ ssh_set_error(session, SSH_FATAL,
+ "Bad authentication reply size: %d", rc);
+ ssh_buffer_free(reply);
+ return -1;
+ }
+
SSH_LOG(session, SSH_LOG_WARN,
"Answer type: %d, expected answer: %d",
type, c2);
+
if (agent_failed(type)) {
- return 0;
+ ssh_buffer_free(reply);
+ return 0;
} else if (type != c2) {
- ssh_set_error(session, SSH_FATAL,
- "Bad authentication reply message type: %d", type);
- return -1;
+ ssh_set_error(session, SSH_FATAL,
+ "Bad authentication reply message type: %d", type);
+ ssh_buffer_free(reply);
+ return -1;
}
buffer_get_u32(reply, (uint32_t *) buf);