diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2017-03-10 03:45:40 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-03-10 15:35:38 +1100 |
| commit | 5a06b9e019e2b0b0f65a223422935b66f3749de3 (patch) | |
| tree | acc02bfe066fc80431f0fbb999fefc7752e7c9a6 /kex.c | |
| parent | f6edbe9febff8121f26835996b1229b5064d31b7 (diff) | |
upstream commit
Plug some mem leaks mostly on error paths. From jjelen
at redhat.com via bz#2687, ok djm@
Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2
Diffstat (limited to 'kex.c')
| -rw-r--r-- | kex.c | 17 |
1 files changed, 12 insertions, 5 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.c,v 1.128 2017/02/03 23:01:19 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.129 2017/03/10 03:45:40 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -178,7 +178,7 @@ kex_names_valid(const char *names) | |||
| 178 | char * | 178 | char * |
| 179 | kex_names_cat(const char *a, const char *b) | 179 | kex_names_cat(const char *a, const char *b) |
| 180 | { | 180 | { |
| 181 | char *ret = NULL, *tmp = NULL, *cp, *p; | 181 | char *ret = NULL, *tmp = NULL, *cp, *p, *m; |
| 182 | size_t len; | 182 | size_t len; |
| 183 | 183 | ||
| 184 | if (a == NULL || *a == '\0') | 184 | if (a == NULL || *a == '\0') |
| @@ -195,8 +195,10 @@ kex_names_cat(const char *a, const char *b) | |||
| 195 | } | 195 | } |
| 196 | strlcpy(ret, a, len); | 196 | strlcpy(ret, a, len); |
| 197 | for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { | 197 | for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { |
| 198 | if (match_list(ret, p, NULL) != NULL) | 198 | if ((m = match_list(ret, p, NULL)) != NULL) { |
| 199 | free(m); | ||
| 199 | continue; /* Algorithm already present */ | 200 | continue; /* Algorithm already present */ |
| 201 | } | ||
| 200 | if (strlcat(ret, ",", len) >= len || | 202 | if (strlcat(ret, ",", len) >= len || |
| 201 | strlcat(ret, p, len) >= len) { | 203 | strlcat(ret, p, len) >= len) { |
| 202 | free(tmp); | 204 | free(tmp); |
| @@ -651,8 +653,10 @@ choose_enc(struct sshenc *enc, char *client, char *server) | |||
| 651 | 653 | ||
| 652 | if (name == NULL) | 654 | if (name == NULL) |
| 653 | return SSH_ERR_NO_CIPHER_ALG_MATCH; | 655 | return SSH_ERR_NO_CIPHER_ALG_MATCH; |
| 654 | if ((enc->cipher = cipher_by_name(name)) == NULL) | 656 | if ((enc->cipher = cipher_by_name(name)) == NULL) { |
| 657 | free(name); | ||
| 655 | return SSH_ERR_INTERNAL_ERROR; | 658 | return SSH_ERR_INTERNAL_ERROR; |
| 659 | } | ||
| 656 | enc->name = name; | 660 | enc->name = name; |
| 657 | enc->enabled = 0; | 661 | enc->enabled = 0; |
| 658 | enc->iv = NULL; | 662 | enc->iv = NULL; |
| @@ -670,8 +674,10 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server) | |||
| 670 | 674 | ||
| 671 | if (name == NULL) | 675 | if (name == NULL) |
| 672 | return SSH_ERR_NO_MAC_ALG_MATCH; | 676 | return SSH_ERR_NO_MAC_ALG_MATCH; |
| 673 | if (mac_setup(mac, name) < 0) | 677 | if (mac_setup(mac, name) < 0) { |
| 678 | free(name); | ||
| 674 | return SSH_ERR_INTERNAL_ERROR; | 679 | return SSH_ERR_INTERNAL_ERROR; |
| 680 | } | ||
| 675 | /* truncate the key */ | 681 | /* truncate the key */ |
| 676 | if (ssh->compat & SSH_BUG_HMAC) | 682 | if (ssh->compat & SSH_BUG_HMAC) |
| 677 | mac->key_len = 16; | 683 | mac->key_len = 16; |
| @@ -695,6 +701,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server) | |||
| 695 | } else if (strcmp(name, "none") == 0) { | 701 | } else if (strcmp(name, "none") == 0) { |
| 696 | comp->type = COMP_NONE; | 702 | comp->type = COMP_NONE; |
| 697 | } else { | 703 | } else { |
| 704 | free(name); | ||
| 698 | return SSH_ERR_INTERNAL_ERROR; | 705 | return SSH_ERR_INTERNAL_ERROR; |
| 699 | } | 706 | } |
| 700 | comp->name = name; | 707 | comp->name = name; |