- djm@cvs.openbsd.org 2007/06/02 09:04:58

     [bufbn.c]
     memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca

2 files changed, 8 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 484d93a84..f0668460a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,9 @@
    - djm@cvs.openbsd.org 2007/05/31 23:34:29
      [packet.c]
      gc unreachable code; spotted by Tavis Ormandy
+   - djm@cvs.openbsd.org 2007/06/02 09:04:58
+     [bufbn.c]
+     memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca
 
 20070520
  - (dtucker) OpenBSD CVS Sync
@@ -2958,4 +2961,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4674 2007/06/05 08:28:20 dtucker Exp $
+$Id: ChangeLog,v 1.4675 2007/06/05 08:29:35 dtucker Exp $
diff --git a/bufbn.c b/bufbn.c
index ce8fba515..251cd0951 100644
--- a/bufbn.c
+++ b/bufbn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufbn.c,v 1.5 2007/02/14 14:32:00 stevesk Exp $*/
+/* $OpenBSD: bufbn.c,v 1.6 2007/06/02 09:04:58 djm Exp $*/
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -201,12 +201,14 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
                 return (-1);
         }
         if (len > 8 * 1024) {
-                error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
+                error("buffer_get_bignum2_ret: cannot handle BN of size %d",
+                    len);
                 xfree(bin);
                 return (-1);
         }
         if (BN_bin2bn(bin, len, value) == NULL) {
                 error("buffer_get_bignum2_ret: BN_bin2bn failed");
+                xfree(bin);
                 return (-1);
         }
         xfree(bin);