author Anderson Toshiyuki Sasaki <ansasaki@redhat.com> 2019-05-17 11:41:51 +0200
committer Andreas Schneider <asn@cryptomilk.org> 2019-05-22 15:31:51 +0200
commit 59ba3f18963c88aa46645437ed937f50a2d91730
tree 303e8f5f891d32f48200e542c93e1e03fc205614 /src
parent 38f9802eec067454a421eebfcae087c79bc02c67
dh-gex: Fix memory leak in DH GEX with OpenSSL
When using OpenSSL, the bignums generated during group exchange are
duplicated and don't transfer the memory management responsibility to
the back-end. The original generated bignums can be freed.

The leak was detectable by running:

$ valgrind --leak-check=full ./tests/pkd/pkd_hello -i1 \
    -t torture_pkd_openssh_rsa_rsa_diffie_hellman_group_exchange_sha256

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r-- src/dh-gex.c 6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/dh-gex.c b/src/dh-gex.c
index 26c4f9d8..994a5cbc 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -634,6 +634,12 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
SSH2_MSG_KEX_DH_GEX_GROUP,
modulus,
generator);
+
+#ifdef HAVE_LIBCRYPTO
+ bignum_safe_free(generator);
+ bignum_safe_free(modulus);
+#endif
+
if (rc != SSH_OK) {
ssh_set_error_invalid(session);
goto error;
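Review bot: The two `bignum_safe_free()` calls under `#ifdef HAVE_LIBCRYPTO` have no comment explaining why only this back-end releases `modulus` and `generator` at this point; the reason (the OpenSSL path duplicates the bignums, so the caller still owns the originals) lives only in the commit message. A short comment above the `#ifdef` would keep a later reader from deleting the block or from copying the same frees to a back-end that takes ownership. Placing the frees before `if (rc != SSH_OK)` is right, since they then run on both outcomes, but with `goto error` directly below it is worth confirming that `bignum_safe_free` leaves both pointers NULL in case the `error` label, which is outside this hunk, releases them as well.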