author | djm@openbsd.org <djm@openbsd.org> | 2020-05-26 01:59:46 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-05-27 10:14:45 +1000 |
commit | 4be563994c0cbe9856e7dd3078909f41beae4a9c (patch) | |
tree | 84ad13c9f79894f9412eadae397a1656206b4395 | |
parent | 0c111eb84efba7c2a38b2cc3278901a0123161b9 (diff) |
upstream: fix memleak of signature; from Pedro Martelletto
OpenBSD-Commit-ID: d0a6eb07e77c001427d738b220dd024ddc64b2bb
-rw-r--r-- | ssh-sk-helper.c | 13 |
1 files changed, 8 insertions, 5 deletions
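--- a/ssh-sk-helper.c
+++ b/ssh-sk-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk-helper.c,v 1.9 2020/01/25 23:13:09 djm Exp $ */
+/* $OpenBSD: ssh-sk-helper.c,v 1.10 2020/05/26 01:59:46 djm Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -93,12 +93,12 @@ process_sign(struct sshbuf *req)
 {
 int r = SSH_ERR_INTERNAL_ERROR;
 struct sshbuf *resp, *kbuf;
-struct sshkey *key;
+struct sshkey *key = NULL;
 uint32_t compat;
 const u_char *message;
-u_char *sig;
-size_t msglen, siglen;
-char *provider, *pin;
+u_char *sig = NULL;
+size_t msglen, siglen = 0;
+char *provider = NULL, *pin = NULL;
 
 if ((r = sshbuf_froms(req, &kbuf)) != 0 ||
 (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
@@ -134,8 +134,11 @@ process_sign(struct sshbuf *req)
 (r = sshbuf_put_string(resp, sig, siglen)) != 0)
 fatal("%s: buffer error: %s", __progname, ssh_err(r));
 out:
+sshkey_free(key);
 sshbuf_free(kbuf);
 free(provider);
+if (sig != NULL)
+freezero(sig, siglen);
 if (pin != NULL)
 freezero(pin, strlen(pin));
 return resp;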
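Review bot: `resp` and `kbuf` on new line 95 are still declared without initialisers, although the `out:` label passes `kbuf` to `sshbuf_free()` and returns `resp`, while every other pointer released there now starts as NULL. The body of process_sign between new lines 104 and 134 is outside the hunks, so whether a `goto out` can be reached before both are assigned cannot be confirmed from this page; `struct sshbuf *resp = NULL, *kbuf = NULL;` would make the cleanup well-defined on any such path in a helper that also handles the PIN. The added `freezero(sig, siglen)` wipes only `siglen` bytes, so it relies on the signing call setting `siglen` together with `sig`. A short comment at `out:` such as `/* sig and pin are zeroed before release */` would record why `freezero` is used instead of `free`.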