From b44987a164c6bec176bbc3ac395cd0c29c701b5c Mon Sep 17 00:00:00 2001
From: Jon Simons <jon@jonsimons.org>
Date: Tue, 29 Jan 2019 20:06:12 -0500
Subject: dh-gex: fix double-ssh_dh_init_common memory leak

Fix a memory leak whereby the x, y, and k bignum fields within
a session's next_crypto structure were being unintentionally
initialized twice.

The leak can be seen before the fix with valgrind and the pkd
tests with:

    valgrind \
      --leak-check=full \
      --show-leak-kinds=definite \
      ./pkd_hello -i1 -t torture_pkd_openssh_rsa_rsa_diffie_hellman_group_exchange_sha256

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/dh-gex.c | 6 ------
 1 file changed, 6 deletions(-)

(limited to 'src')

diff --git a/src/dh-gex.c b/src/dh-gex.c
index a52be036..cbe7e02c 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -552,12 +552,6 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
         goto error;
     }
 
-    rc = ssh_dh_init_common(session);
-    if (rc != SSH_OK){
-        ssh_set_error_oom(session);
-        goto error;
-    }
-
     /* Minimum group size, preferred group size, maximum group size */
     rc = ssh_buffer_unpack(packet, "ddd", &pmin, &pn, &pmax);
     if (rc != SSH_OK){
-- 
cgit v1.2.3