diff options
| author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-06-07 19:08:53 +0200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-12 12:37:43 +0200 |
| commit | 01f404021823a067e3681eb2bccaaa5b72a67e01 (patch) | |
| tree | 7ee1eae876ecec54476451f82c2982ce211caa66 /src/dh.c | |
| parent | 765691195394a0daa8215beb7899b5653247cc08 (diff) | |
| download | libssh-01f404021823a067e3681eb2bccaaa5b72a67e01.tar.gz libssh-01f404021823a067e3681eb2bccaaa5b72a67e01.tar.xz libssh-01f404021823a067e3681eb2bccaaa5b72a67e01.zip | |
dh: Avoid segmentation fault in GEX if fallback to known moduli
Make ssh_fallback_group() to duplicate the modulus and generator.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/dh.c')
| -rw-r--r-- | src/dh.c | 16 |
1 files changed, 12 insertions, 4 deletions
@@ -571,13 +571,21 @@ int ssh_fallback_group(uint32_t pmax, *generator = NULL; if (pmax < 3072) { - *modulus = ssh_dh_group14; + bignum_dup(ssh_dh_group14, modulus); } else if (pmax < 6144) { - *modulus = ssh_dh_group16; + bignum_dup(ssh_dh_group16, modulus); } else { - *modulus = ssh_dh_group18; + bignum_dup(ssh_dh_group18, modulus); + } + if (*modulus == NULL) { + return SSH_ERROR; + } + + bignum_dup(ssh_dh_generator, generator); + if (*generator == NULL) { + bignum_safe_free((*modulus)); + return SSH_ERROR; } - *generator = ssh_dh_generator; return SSH_OK; } |