authorAndreas Schneider <asn@cryptomilk.org>2017-04-25 16:20:06 +0200
committerAndreas Schneider <asn@cryptomilk.org>2017-04-25 16:20:06 +0200
commit7c79b5c154ce2788cf5254a62468fee5112f7640 (patch)
tree0a94632515504ffaab7cb487da6ea109b9d5a434 /src
parent5eb41492c452081b95eecad374a3ddef73cd384c (diff)
messages: Do not leak memory of previously allocated answers
Found by oss-fuzz BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r--src/messages.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/messages.c b/src/messages.c
index b953ee6d..3ed912fd 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -969,6 +969,15 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
goto error;
}
+ } else if (session->kbdint->nanswers > 0) {
+ uint32_t n;
+
+ for (n = 0; n < session->kbdint->nanswers; n++) {
+ BURN_STRING(session->kbdint->answers[n]);
+ SAFE_FREE(session->kbdint->answers[n]);
+ }
+ SAFE_FREE(session->kbdint->answers);
+ session->kbdint->nanswers = 0;
}
SSH_LOG(SSH_LOG_PACKET,"kbdint: %d answers",nanswers);
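Review bot: The new cleanup branch is keyed on `session->kbdint->nanswers > 0`, but the unconditional `SAFE_FREE(session->kbdint->answers)` removed in the second hunk also released an array left behind with a zero count. That state looks reachable if a zero-answer response gets as far as the `calloc(1, nanswers * sizeof(char *))` call, since a zero-size calloc may return a non-NULL pointer; whether an earlier check rejects that case is not visible here. Testing the pointer instead, `} else if (session->kbdint->answers != NULL) {`, would free the array in that case too and would guard the `answers[n]` dereference, which currently relies on the array being non-NULL whenever the count is non-zero. A one-line comment such as `/* a repeated info response: wipe and free the previous answers, they may hold credentials */` would record why `BURN_STRING` precedes the free. The callback body starts and ends outside this hunk.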
@@ -989,7 +998,6 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
}
session->kbdint->nanswers = nanswers;
- SAFE_FREE(session->kbdint->answers);
session->kbdint->answers = calloc(1, nanswers * sizeof(char *));
if (session->kbdint->answers == NULL) {
session->kbdint->nanswers = 0;
@@ -1010,7 +1018,6 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
goto error;
}
- SAFE_FREE(session->kbdint->answers[i]);
session->kbdint->answers[i] = ssh_string_to_char(tmp);
ssh_string_free(tmp);
if (session->kbdint->answers[i] == NULL) {