author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-05-17 11:41:51 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-05-22 15:31:51 +0200 |
commit | 59ba3f18963c88aa46645437ed937f50a2d91730 (patch) | |
tree | 303e8f5f891d32f48200e542c93e1e03fc205614 /src | |
parent | 38f9802eec067454a421eebfcae087c79bc02c67 (diff) | |

dh-gex: Fix memory leak in DH GEX with OpenSSL

When using OpenSSL, the bignums generated during group exchange are
duplicated and don't transfer the memory management responsibility to
the back-end. The original generated bignums can be freed.

The leak was detectable by running:

    $ valgrind --leak-check=full ./tests/pkd/pkd_hello -i1 \
        -t torture_pkd_openssh_rsa_rsa_diffie_hellman_group_exchange_sha256

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

Diffstat (limited to 'src')
-rw-r--r-- | src/dh-gex.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/dh-gex.c b/src/dh-gex.c index 26c4f9d8..994a5cbc 100644 --- a/src/dh-gex.c +++ b/src/dh-gex.c @@ -634,6 +634,12 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request) SSH2_MSG_KEX_DH_GEX_GROUP, modulus, generator); + +#ifdef HAVE_LIBCRYPTO + bignum_safe_free(generator); + bignum_safe_free(modulus); +#endif + if (rc != SSH_OK) { ssh_set_error_invalid(session); goto error; |
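
Review bot: The new `#ifdef HAVE_LIBCRYPTO` block in ssh_packet_server_dhgex_request frees `generator` and `modulus` with no comment saying why the release is specific to one back-end. The ownership rule is only in the commit message (with OpenSSL the bignums are duplicated, so the caller still owns the originals), and a reader of dh-gex.c alone cannot tell whether the other back-ends leak or take ownership. A one-line comment above the two `bignum_safe_free()` calls stating that rule would keep a later refactor from dropping the guard or the frees. The frees sit before the `if (rc != SSH_OK)` check, so they run on both the success path and the `goto error` path, which is what a leak fix needs. The `error:` label is outside this hunk, so it is worth confirming that it does not release the same two values again in a way that depends on them still being set, and that any earlier `goto error` taken after the bignums are generated but before this point also releases them under OpenSSL.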