diff options
author | Jon Simons <jon@jonsimons.org> | 2014-10-05 05:59:54 -0700 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2014-12-05 10:42:32 +0100 |
commit | 4745d652b5e71c27fd891edfe690162c0b8d3005 (patch) | |
tree | 42eaa0d31af549788f8f9c91716f8c23a1336fab /src/pki_crypto.c | |
parent | a48711ae7ef890c94e2a824afb899df385c406ee (diff) | |
download | libssh-4745d652b5e71c27fd891edfe690162c0b8d3005.tar.gz libssh-4745d652b5e71c27fd891edfe690162c0b8d3005.tar.xz libssh-4745d652b5e71c27fd891edfe690162c0b8d3005.zip |
pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaks
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields.
Fix a bug where the initial 'r' and 's' bignums were being overwritten with
newly-allocated bignums, resulting in a memory leak.
BUG: https://red.libssh.org/issues/175
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/pki_crypto.c')
-rw-r--r-- | src/pki_crypto.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c index 5706fdf0..6fc471c0 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -1421,7 +1421,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, ssh_print_hexa("r", ssh_string_data(r), ssh_string_len(r)); #endif - sig->ecdsa_sig->r = make_string_bn(r); + make_string_bn_inplace(r, sig->ecdsa_sig->r); ssh_string_burn(r); ssh_string_free(r); if (sig->ecdsa_sig->r == NULL) { @@ -1442,7 +1442,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, ssh_print_hexa("s", ssh_string_data(s), ssh_string_len(s)); #endif - sig->ecdsa_sig->s = make_string_bn(s); + make_string_bn_inplace(s, sig->ecdsa_sig->s); ssh_string_burn(s); ssh_string_free(s); if (sig->ecdsa_sig->s == NULL) { |