summaryrefslogtreecommitdiff
path: root/krl.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2013-07-18 16:09:44 +1000
committerDamien Miller <djm@mindrot.org>2013-07-18 16:09:44 +1000
commit3071070b39e6d1722151c754cdc2b26640eaf45e (patch)
tree467608f0a4e1ebc4be86dfddb971082a3dad422b /krl.c
parent044bd2a7ddb0b6f6b716c87e57261572e2b89028 (diff)
- markus@cvs.openbsd.org 2013/06/20 19:15:06
[krl.c] don't leak the rdata blob on errors; ok djm@
Diffstat (limited to 'krl.c')
-rw-r--r--krl.c19
1 files changed, 11 insertions, 8 deletions
diff --git a/krl.c b/krl.c
index 7ac6261cb..bd6d37804 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16 16
17/* $OpenBSD: krl.c,v 1.11 2013/04/05 00:14:00 djm Exp $ */ 17/* $OpenBSD: krl.c,v 1.12 2013/06/20 19:15:06 markus Exp $ */
18 18
19#include "includes.h" 19#include "includes.h"
20 20
@@ -887,9 +887,10 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
887 char timestamp[64]; 887 char timestamp[64];
888 int ret = -1, r, sig_seen; 888 int ret = -1, r, sig_seen;
889 Key *key = NULL, **ca_used = NULL; 889 Key *key = NULL, **ca_used = NULL;
890 u_char type, *blob; 890 u_char type, *blob, *rdata = NULL;
891 u_int i, j, sig_off, sects_off, blen, format_version, nca_used = 0; 891 u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used;
892 892
893 nca_used = 0;
893 *krlp = NULL; 894 *krlp = NULL;
894 if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 || 895 if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 ||
895 memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { 896 memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) {
@@ -1015,21 +1016,22 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
1015 case KRL_SECTION_EXPLICIT_KEY: 1016 case KRL_SECTION_EXPLICIT_KEY:
1016 case KRL_SECTION_FINGERPRINT_SHA1: 1017 case KRL_SECTION_FINGERPRINT_SHA1:
1017 while (buffer_len(&sect) > 0) { 1018 while (buffer_len(&sect) > 0) {
1018 if ((blob = buffer_get_string_ret(&sect, 1019 if ((rdata = buffer_get_string_ret(&sect,
1019 &blen)) == NULL) { 1020 &rlen)) == NULL) {
1020 error("%s: buffer error", __func__); 1021 error("%s: buffer error", __func__);
1021 goto out; 1022 goto out;
1022 } 1023 }
1023 if (type == KRL_SECTION_FINGERPRINT_SHA1 && 1024 if (type == KRL_SECTION_FINGERPRINT_SHA1 &&
1024 blen != 20) { 1025 rlen != 20) {
1025 error("%s: bad SHA1 length", __func__); 1026 error("%s: bad SHA1 length", __func__);
1026 goto out; 1027 goto out;
1027 } 1028 }
1028 if (revoke_blob( 1029 if (revoke_blob(
1029 type == KRL_SECTION_EXPLICIT_KEY ? 1030 type == KRL_SECTION_EXPLICIT_KEY ?
1030 &krl->revoked_keys : &krl->revoked_sha1s, 1031 &krl->revoked_keys : &krl->revoked_sha1s,
1031 blob, blen) != 0) 1032 rdata, rlen) != 0)
1032 goto out; /* revoke_blob frees blob */ 1033 goto out;
1034 rdata = NULL; /* revoke_blob frees blob */
1033 } 1035 }
1034 break; 1036 break;
1035 case KRL_SECTION_SIGNATURE: 1037 case KRL_SECTION_SIGNATURE:
@@ -1095,6 +1097,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
1095 key_free(ca_used[i]); 1097 key_free(ca_used[i]);
1096 } 1098 }
1097 free(ca_used); 1099 free(ca_used);
1100 free(rdata);
1098 if (key != NULL) 1101 if (key != NULL)
1099 key_free(key); 1102 key_free(key);
1100 buffer_free(&copy); 1103 buffer_free(&copy);
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 20:51:07 +0000