aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJon Simons <jon@jonsimons.org>2014-10-05 05:59:54 -0700
committerAndreas Schneider <asn@cryptomilk.org>2014-12-05 10:42:32 +0100
commit4745d652b5e71c27fd891edfe690162c0b8d3005 (patch)
tree42eaa0d31af549788f8f9c91716f8c23a1336fab
parenta48711ae7ef890c94e2a824afb899df385c406ee (diff)
downloadlibssh-4745d652b5e71c27fd891edfe690162c0b8d3005.tar.gz
libssh-4745d652b5e71c27fd891edfe690162c0b8d3005.tar.xz
libssh-4745d652b5e71c27fd891edfe690162c0b8d3005.zip
pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaks
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields. Fix a bug where the initial 'r' and 's' bignums were being overwritten with newly-allocated bignums, resulting in a memory leak. BUG: https://red.libssh.org/issues/175 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--include/libssh/bignum.h1
-rw-r--r--src/bignum.c9
-rw-r--r--src/pki_crypto.c4
3 files changed, 12 insertions, 2 deletions
diff --git a/include/libssh/bignum.h b/include/libssh/bignum.h
index e5f2a472..61786c84 100644
--- a/include/libssh/bignum.h
+++ b/include/libssh/bignum.h
@@ -25,6 +25,7 @@
#include "libssh/libgcrypt.h"
bignum make_string_bn(ssh_string string);
+void make_string_bn_inplace(ssh_string string, bignum bnout);
ssh_string make_bignum_string(bignum num);
void ssh_print_bignum(const char *which,bignum num);
diff --git a/src/bignum.c b/src/bignum.c
index 14b5aa54..39de2487 100644
--- a/src/bignum.c
+++ b/src/bignum.c
@@ -81,6 +81,15 @@ bignum make_string_bn(ssh_string string){
return bn;
}
+void make_string_bn_inplace(ssh_string string, bignum bnout) {
+ unsigned int len = ssh_string_len(string);
+#ifdef HAVE_LIBGCRYPT
+ #error "unsupported"
+#elif defined HAVE_LIBCRYPTO
+ bignum_bin2bn(string->data, len, bnout);
+#endif
+}
+
/* prints the bignum on stderr */
void ssh_print_bignum(const char *which, bignum num) {
#ifdef HAVE_LIBGCRYPT
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 5706fdf0..6fc471c0 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1421,7 +1421,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_print_hexa("r", ssh_string_data(r), ssh_string_len(r));
#endif
- sig->ecdsa_sig->r = make_string_bn(r);
+ make_string_bn_inplace(r, sig->ecdsa_sig->r);
ssh_string_burn(r);
ssh_string_free(r);
if (sig->ecdsa_sig->r == NULL) {
@@ -1442,7 +1442,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_print_hexa("s", ssh_string_data(s), ssh_string_len(s));
#endif
- sig->ecdsa_sig->s = make_string_bn(s);
+ make_string_bn_inplace(s, sig->ecdsa_sig->s);
ssh_string_burn(s);
ssh_string_free(s);
if (sig->ecdsa_sig->s == NULL) {