diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-08-04 00:55:06 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-08-06 11:07:17 +1000 |
commit | 967226a1bdde59ea137e8f0df871854ff7b91366 (patch) | |
tree | 59392d040b5d6f8762955db701bde5ef2f075b88 | |
parent | 74287f5df9966a0648b4a68417451dd18f079ab8 (diff) |
upstream: invalidate dh->priv_key after freeing it in error path;
avoids unlikely double-free later. Reported by Viktor Dukhovni via
https://github.com/openssh/openssh-portable/pull/96 feedback jsing@ tb@
OpenBSD-Commit-ID: e317eb17c3e05500ae851f279ef6486f0457c805
-rw-r--r-- | dh.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: dh.c,v 1.65 2018/06/26 11:23:59 millert Exp $ */ | 1 | /* $OpenBSD: dh.c,v 1.66 2018/08/04 00:55:06 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * | 4 | * |
@@ -279,6 +279,7 @@ dh_gen_key(DH *dh, int need) | |||
279 | if (DH_generate_key(dh) == 0 || | 279 | if (DH_generate_key(dh) == 0 || |
280 | !dh_pub_is_valid(dh, dh->pub_key)) { | 280 | !dh_pub_is_valid(dh, dh->pub_key)) { |
281 | BN_clear_free(dh->priv_key); | 281 | BN_clear_free(dh->priv_key); |
282 | dh->priv_key = NULL; | ||
282 | return SSH_ERR_LIBCRYPTO_ERROR; | 283 | return SSH_ERR_LIBCRYPTO_ERROR; |
283 | } | 284 | } |
284 | return 0; | 285 | return 0; |