From aac682f60ea8d76b8555eff2e78025725c7630ea Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Fri, 20 Sep 2019 13:13:07 +0200 Subject: dh-gex: Correctly free modulus and generator with openssl Fixes T176 Signed-off-by: Jakub Jelen Reviewed-by: Anderson Toshiyuki Sasaki --- src/dh-gex.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/dh-gex.c b/src/dh-gex.c index bbd59c75..16ecd1be 100644 --- a/src/dh-gex.c +++ b/src/dh-gex.c @@ -107,7 +107,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group) int blen; bignum pmin1 = NULL, one = NULL; bignum_CTX ctx = bignum_ctx_new(); - bignum modulus, generator; + bignum modulus = NULL, generator = NULL; const_bignum pubkey; (void) type; (void) user; @@ -179,14 +179,18 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group) bignum_ctx_free(ctx); ctx = NULL; - /* all checks passed, set parameters */ + /* all checks passed, set parameters (the BNs are copied in openssl backend) */ rc = ssh_dh_set_parameters(session->next_crypto->dh_ctx, modulus, generator); if (rc != SSH_OK) { - bignum_safe_free(modulus); - bignum_safe_free(generator); goto error; } +#ifdef HAVE_LIBCRYPTO + bignum_safe_free(modulus); + bignum_safe_free(generator); +#endif + modulus = NULL; + generator = NULL; /* compute and send DH public parameter */ rc = ssh_dh_keypair_gen_keys(session->next_crypto->dh_ctx, @@ -221,6 +225,8 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group) return SSH_PACKET_USED; error: + bignum_safe_free(modulus); + bignum_safe_free(generator); bignum_safe_free(one); bignum_safe_free(pmin1); if(!bignum_ctx_invalid(ctx)) { @@ -642,8 +648,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request) generator); #ifdef HAVE_LIBCRYPTO - bignum_safe_free(generator); - bignum_safe_free(modulus); + bignum_safe_free(generator); + bignum_safe_free(modulus); #endif if (rc != SSH_OK) { -- cgit v1.2.3