From c78c6c654222d8049d48ffb3f36f185e91f76789 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Fri, 21 Apr 2017 11:12:10 +0200
Subject: messages: Do not leak memory if answered had been allocated previously

BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1184

Signed-off-by: Andreas Schneider
---
 src/messages.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/messages.c b/src/messages.c
index 8568cbf8..199ec4cd 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -988,7 +988,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
 " mismatch: p=%u a=%u", session->kbdint->nprompts, nanswers);
 }
 session->kbdint->nanswers = nanswers;
- session->kbdint->answers = malloc(nanswers * sizeof(char *));
+
+ SAFE_FREE(session->kbdint->answers);
+ session->kbdint->answers = calloc(1, nanswers * sizeof(char *));
 if (session->kbdint->answers == NULL) {
 session->kbdint->nanswers = 0;
 ssh_set_error_oom(session);
@@ -997,7 +999,6 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
 goto error;
 }
 
- memset(session->kbdint->answers, 0, nanswers * sizeof(char *));
 for (i = 0; i < nanswers; i++) {
 tmp = ssh_buffer_get_ssh_string(packet);
-- 
cgit v1.2.3
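Review bot: The entries of the previous array are already unreachable when the added `SAFE_FREE(session->kbdint->answers);` runs, because the context line just above it, `session->kbdint->nanswers = nanswers;`, has overwritten the old count; if those entries held allocated strings (the loop after the second hunk appears to fill them from the packet, though its body lies outside the hunk), freeing only the array still leaks them. Release the entries with the old count before it is overwritten, e.g. `for (i = 0; i < session->kbdint->nanswers; i++) { SAFE_FREE(session->kbdint->answers[i]); }` followed by the array free, and only then assign the new count. Separately, `calloc(1, nanswers * sizeof(char *))` performs the size multiplication itself; `calloc(nanswers, sizeof(char *))` lets the allocator detect overflow of the product on 32-bit targets, which matters here since nanswers is read from the peer's packet. The function ssh_packet_userauth_info_response begins and ends outside the hunk.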