From 5fd8b02b440fac52cbf70c203fbfc716a3620074 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 16:04:36 +1100 Subject: - djm@cvs.openbsd.org 2005/11/05 05:01:15 [bufaux.c] Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT cs.stanford.edu; ok dtucker@ --- ChangeLog | 6 +++++- bufaux.c | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6fb0b7d35..46b40f197 100644 --- a/ChangeLog +++ b/ChangeLog @@ -98,6 +98,10 @@ remove hardcoded hash lengths in key exchange code, allowing implementation of KEX methods with different hashes (e.g. SHA-256); ok markus@ dtucker@ stevesk@ + - djm@cvs.openbsd.org 2005/11/05 05:01:15 + [bufaux.c] + Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT + cs.stanford.edu; ok dtucker@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3231,4 +3235,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3951 2005/11/05 04:19:35 djm Exp $ +$Id: ChangeLog,v 1.3952 2005/11/05 05:04:36 djm Exp $ diff --git a/bufaux.c b/bufaux.c index 8d096a056..106a3a0c7 100644 --- a/bufaux.c +++ b/bufaux.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.37 2005/11/05 05:01:15 djm Exp $"); #include #include "bufaux.h" @@ -63,6 +63,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) if (oi != bin_size) { error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", oi, bin_size); + xfree(buf); return (-1); } @@ -187,10 +188,12 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) if (len > 0 && (bin[0] & 0x80)) { error("buffer_get_bignum2_ret: negative numbers not supported"); + xfree(bin); return (-1); } if (len > 8 * 1024) { error("buffer_get_bignum2_ret: cannot handle BN of size %d", len); + xfree(bin); return (-1); } BN_bin2bn(bin, len, value); -- cgit v1.2.3