aboutsummaryrefslogtreecommitdiff
path: root/src/pki_crypto.c
diff options
context:
space:
mode:
authorJon Simons <jon@jonsimons.org>2014-10-05 05:59:54 -0700
committerAndreas Schneider <asn@cryptomilk.org>2014-12-05 10:42:32 +0100
commit4745d652b5e71c27fd891edfe690162c0b8d3005 (patch)
tree42eaa0d31af549788f8f9c91716f8c23a1336fab /src/pki_crypto.c
parenta48711ae7ef890c94e2a824afb899df385c406ee (diff)
downloadlibssh-4745d652b5e71c27fd891edfe690162c0b8d3005.tar.gz
libssh-4745d652b5e71c27fd891edfe690162c0b8d3005.tar.xz
libssh-4745d652b5e71c27fd891edfe690162c0b8d3005.zip
pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaks
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields. Fix a bug where the initial 'r' and 's' bignums were being overwritten with newly-allocated bignums, resulting in a memory leak. BUG: https://red.libssh.org/issues/175 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/pki_crypto.c')
-rw-r--r--src/pki_crypto.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 5706fdf0..6fc471c0 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1421,7 +1421,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_print_hexa("r", ssh_string_data(r), ssh_string_len(r));
#endif
- sig->ecdsa_sig->r = make_string_bn(r);
+ make_string_bn_inplace(r, sig->ecdsa_sig->r);
ssh_string_burn(r);
ssh_string_free(r);
if (sig->ecdsa_sig->r == NULL) {
@@ -1442,7 +1442,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_print_hexa("s", ssh_string_data(s), ssh_string_len(s));
#endif
- sig->ecdsa_sig->s = make_string_bn(s);
+ make_string_bn_inplace(s, sig->ecdsa_sig->s);
ssh_string_burn(s);
ssh_string_free(s);
if (sig->ecdsa_sig->s == NULL) {