authorAndreas Schneider <asn@cryptomilk.org>2017-04-26 10:55:25 +0200
committerAndreas Schneider <asn@cryptomilk.org>2017-04-26 10:55:25 +0200
commitabbd6e304ae5e678766f1c97012cb53c12757d96 (patch)
treeece261d5424439d6d072c64a421f2ac4f5dd9881
parent7c79b5c154ce2788cf5254a62468fee5112f7640 (diff)
messages: Make sure we always free the answers pointer
Found by oss-fuzz
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1272
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--src/messages.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/messages.c b/src/messages.c
index 3ed912fd..4e4141e0 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -969,7 +969,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
goto error;
}
- } else if (session->kbdint->nanswers > 0) {
+ } else if (session->kbdint->answers != NULL) {
uint32_t n;
for (n = 0; n < session->kbdint->nanswers; n++) {
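Review bot: The guard now tests `answers` while the loop on the next line is still bounded by `nanswers`, so the cleanup is only safe if the two fields are always updated together, and nothing in the hunk records that invariant. A comment above the branch would explain why the pointer is tested, e.g. `/* answers can be non-NULL while nanswers is 0 (zero-size calloc), so key the cleanup on the pointer */`. The loop body and the free of the array lie outside the hunk; if they do not already reset `answers` to NULL and `nanswers` to 0, doing so there would keep a later error path from touching a stale pointer.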
@@ -998,7 +998,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
}
session->kbdint->nanswers = nanswers;
- session->kbdint->answers = calloc(1, nanswers * sizeof(char *));
+ session->kbdint->answers = calloc(nanswers, sizeof(char *));
if (session->kbdint->answers == NULL) {
session->kbdint->nanswers = 0;
ssh_set_error_oom(session);
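Review bot: `calloc(nanswers, sizeof(char *))` with `nanswers == 0` has an implementation-defined result: it may return NULL, and the check on the following line would then report out-of-memory for a response that simply carries no answers. `nanswers` appears to come from the peer's packet, so this path is reachable from the network unless a zero count is rejected earlier, outside the hunk. Consider handling the empty case before allocating, e.g. `if (nanswers == 0) { session->kbdint->answers = NULL; } else { ... }`, or requesting `nanswers ? nanswers : 1` elements. The count/size argument order does gain calloc's multiplication overflow check, which the old `nanswers * sizeof(char *)` product lacked; the error branch continues past the end of the hunk.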