diff options
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | krl.c | 19 |
2 files changed, 14 insertions, 8 deletions
| @@ -9,6 +9,9 @@ | |||
| 9 | parsing them from remote servers. | 9 | parsing them from remote servers. |
| 10 | Improve error checking in parsing of 'T' lines. | 10 | Improve error checking in parsing of 'T' lines. |
| 11 | ok dtucker@ deraadt@ | 11 | ok dtucker@ deraadt@ |
| 12 | - markus@cvs.openbsd.org 2013/06/20 19:15:06 | ||
| 13 | [krl.c] | ||
| 14 | don't leak the rdata blob on errors; ok djm@ | ||
| 12 | 15 | ||
| 13 | 20130702 | 16 | 20130702 |
| 14 | - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config | 17 | - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config |
| @@ -14,7 +14,7 @@ | |||
| 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 15 | */ | 15 | */ |
| 16 | 16 | ||
| 17 | /* $OpenBSD: krl.c,v 1.11 2013/04/05 00:14:00 djm Exp $ */ | 17 | /* $OpenBSD: krl.c,v 1.12 2013/06/20 19:15:06 markus Exp $ */ |
| 18 | 18 | ||
| 19 | #include "includes.h" | 19 | #include "includes.h" |
| 20 | 20 | ||
| @@ -887,9 +887,10 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
| 887 | char timestamp[64]; | 887 | char timestamp[64]; |
| 888 | int ret = -1, r, sig_seen; | 888 | int ret = -1, r, sig_seen; |
| 889 | Key *key = NULL, **ca_used = NULL; | 889 | Key *key = NULL, **ca_used = NULL; |
| 890 | u_char type, *blob; | 890 | u_char type, *blob, *rdata = NULL; |
| 891 | u_int i, j, sig_off, sects_off, blen, format_version, nca_used = 0; | 891 | u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used; |
| 892 | 892 | ||
| 893 | nca_used = 0; | ||
| 893 | *krlp = NULL; | 894 | *krlp = NULL; |
| 894 | if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 || | 895 | if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 || |
| 895 | memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { | 896 | memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { |
| @@ -1015,21 +1016,22 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
| 1015 | case KRL_SECTION_EXPLICIT_KEY: | 1016 | case KRL_SECTION_EXPLICIT_KEY: |
| 1016 | case KRL_SECTION_FINGERPRINT_SHA1: | 1017 | case KRL_SECTION_FINGERPRINT_SHA1: |
| 1017 | while (buffer_len(§) > 0) { | 1018 | while (buffer_len(§) > 0) { |
| 1018 | if ((blob = buffer_get_string_ret(§, | 1019 | if ((rdata = buffer_get_string_ret(§, |
| 1019 | &blen)) == NULL) { | 1020 | &rlen)) == NULL) { |
| 1020 | error("%s: buffer error", __func__); | 1021 | error("%s: buffer error", __func__); |
| 1021 | goto out; | 1022 | goto out; |
| 1022 | } | 1023 | } |
| 1023 | if (type == KRL_SECTION_FINGERPRINT_SHA1 && | 1024 | if (type == KRL_SECTION_FINGERPRINT_SHA1 && |
| 1024 | blen != 20) { | 1025 | rlen != 20) { |
| 1025 | error("%s: bad SHA1 length", __func__); | 1026 | error("%s: bad SHA1 length", __func__); |
| 1026 | goto out; | 1027 | goto out; |
| 1027 | } | 1028 | } |
| 1028 | if (revoke_blob( | 1029 | if (revoke_blob( |
| 1029 | type == KRL_SECTION_EXPLICIT_KEY ? | 1030 | type == KRL_SECTION_EXPLICIT_KEY ? |
| 1030 | &krl->revoked_keys : &krl->revoked_sha1s, | 1031 | &krl->revoked_keys : &krl->revoked_sha1s, |
| 1031 | blob, blen) != 0) | 1032 | rdata, rlen) != 0) |
| 1032 | goto out; /* revoke_blob frees blob */ | 1033 | goto out; |
| 1034 | rdata = NULL; /* revoke_blob frees blob */ | ||
| 1033 | } | 1035 | } |
| 1034 | break; | 1036 | break; |
| 1035 | case KRL_SECTION_SIGNATURE: | 1037 | case KRL_SECTION_SIGNATURE: |
| @@ -1095,6 +1097,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
| 1095 | key_free(ca_used[i]); | 1097 | key_free(ca_used[i]); |
| 1096 | } | 1098 | } |
| 1097 | free(ca_used); | 1099 | free(ca_used); |
| 1100 | free(rdata); | ||
| 1098 | if (key != NULL) | 1101 | if (key != NULL) |
| 1099 | key_free(key); | 1102 | key_free(key); |
| 1100 | buffer_free(©); | 1103 | buffer_free(©); |