author | Dirkjan Bussink <d.bussink@gmail.com> | 2020-12-10 14:01:32 +0000 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2020-12-11 13:32:02 +0100 |
commit | daeee74edd8ac25c1d246d40333e78518574eded (patch) | |
tree | e6646a06bcc8e4338d3a094bcd5af034fe8a0c1f /src/pki_mbedcrypto.c | |
parent | f6a2f6190c2aa047d901547720ae6d1729e1e2c0 (diff) | |

Add safety checks for all ssh_string_fill calls

These calls can fail and the return code should always be checked. These
issues were identified when code review called it out on new code. The
updates here are to existing code with no behavior changes to make
review simpler.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

Diffstat (limited to 'src/pki_mbedcrypto.c')
-rw-r--r-- | src/pki_mbedcrypto.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c index cac357f8..720fe1de 100644 --- a/src/pki_mbedcrypto.c +++ b/src/pki_mbedcrypto.c @@ -845,8 +845,13 @@ ssh_string pki_signature_to_blob(const ssh_signature sig) return NULL; } - ssh_string_fill(sig_blob, ssh_buffer_get(b), ssh_buffer_get_len(b)); + rc = ssh_string_fill(sig_blob, ssh_buffer_get(b), ssh_buffer_get_len(b)); SSH_BUFFER_FREE(b); + if (rc < 0) { + SSH_STRING_FREE(sig_blob); + return NULL; + } + break; } case SSH_KEYTYPE_ED25519: @@ -1089,9 +1094,13 @@ static ssh_string rsa_do_sign_hash(const unsigned char *digest, return NULL; } - ssh_string_fill(sig_blob, sig, slen); + ok = ssh_string_fill(sig_blob, sig, slen); explicit_bzero(sig, slen); SAFE_FREE(sig); + if (ok < 0) { + SSH_STRING_FREE(sig_blob); + return NULL; + } return sig_blob; } |
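
Review bot: the failure branch added after `SSH_BUFFER_FREE(b);` in the pki_signature_to_blob hunk (@@ -845) returns NULL with no log message, which is the same value as the `return NULL;` visible in the context just above it, so a caller or someone reading a debug trace cannot tell a failed ssh_string_fill from the earlier error. Consider emitting a log line (for example via SSH_LOG) before `SSH_STRING_FREE(sig_blob);`. The placement of the check is otherwise right: because it comes after `SSH_BUFFER_FREE(b);`, the buffer is released on both the success and the failure path. The blank line added before `break;` is a cosmetic change that could be dropped to keep the hunk minimal.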
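
Review bot: in the rsa_do_sign_hash hunk (@@ -1089) the result of ssh_string_fill is stored in `ok` and tested with `if (ok < 0)`, while the pki_signature_to_blob hunk uses `rc` for the identical check; a variable named `ok` compared against a negative value reads like an inverted boolean and is easy to misread in later edits, so a single name for return codes across both functions would be clearer. Keep the ordering as written: `explicit_bzero(sig, slen);` and `SAFE_FREE(sig);` run before the check, so the signature buffer is wiped and freed whether or not the fill succeeded.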