diff options
| author | Andreas Schneider <asn@cryptomilk.org> | 2017-04-25 16:20:06 +0200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2017-04-25 16:20:06 +0200 |
| commit | 7c79b5c154ce2788cf5254a62468fee5112f7640 (patch) | |
| tree | 0a94632515504ffaab7cb487da6ea109b9d5a434 /src | |
| parent | 5eb41492c452081b95eecad374a3ddef73cd384c (diff) | |
| download | libssh-7c79b5c154ce2788cf5254a62468fee5112f7640.tar.gz libssh-7c79b5c154ce2788cf5254a62468fee5112f7640.tar.xz libssh-7c79b5c154ce2788cf5254a62468fee5112f7640.zip | |
messages: Do not leak memory of previously allocated answers
Found by ozz-fuzz
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/messages.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/messages.c b/src/messages.c index b953ee6d..3ed912fd 100644 --- a/src/messages.c +++ b/src/messages.c @@ -969,6 +969,15 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){ goto error; } + } else if (session->kbdint->nanswers > 0) { + uint32_t n; + + for (n = 0; n < session->kbdint->nanswers; n++) { + BURN_STRING(session->kbdint->answers[n]); + SAFE_FREE(session->kbdint->answers[n]); + } + SAFE_FREE(session->kbdint->answers); + session->kbdint->nanswers = 0; } SSH_LOG(SSH_LOG_PACKET,"kbdint: %d answers",nanswers); @@ -989,7 +998,6 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){ } session->kbdint->nanswers = nanswers; - SAFE_FREE(session->kbdint->answers); session->kbdint->answers = calloc(1, nanswers * sizeof(char *)); if (session->kbdint->answers == NULL) { session->kbdint->nanswers = 0; @@ -1010,7 +1018,6 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){ goto error; } - SAFE_FREE(session->kbdint->answers[i]); session->kbdint->answers[i] = ssh_string_to_char(tmp); ssh_string_free(tmp); if (session->kbdint->answers[i] == NULL) { |