diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2017-04-26 10:55:25 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-04-26 10:55:25 +0200 |
commit | abbd6e304ae5e678766f1c97012cb53c12757d96 (patch) | |
tree | ece261d5424439d6d072c64a421f2ac4f5dd9881 /src/messages.c | |
parent | 7c79b5c154ce2788cf5254a62468fee5112f7640 (diff) | |
download | libssh-abbd6e304ae5e678766f1c97012cb53c12757d96.tar.gz libssh-abbd6e304ae5e678766f1c97012cb53c12757d96.tar.xz libssh-abbd6e304ae5e678766f1c97012cb53c12757d96.zip |
messages: Make sure we always free the answers pointer
Found by ozz-fuzz
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1272
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/messages.c')
-rw-r--r-- | src/messages.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/messages.c b/src/messages.c index 3ed912fd..4e4141e0 100644 --- a/src/messages.c +++ b/src/messages.c @@ -969,7 +969,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){ goto error; } - } else if (session->kbdint->nanswers > 0) { + } else if (session->kbdint->answers != NULL) { uint32_t n; for (n = 0; n < session->kbdint->nanswers; n++) { @@ -998,7 +998,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){ } session->kbdint->nanswers = nanswers; - session->kbdint->answers = calloc(1, nanswers * sizeof(char *)); + session->kbdint->answers = calloc(nanswers, sizeof(char *)); if (session->kbdint->answers == NULL) { session->kbdint->nanswers = 0; ssh_set_error_oom(session); |