[Bug 2561] ssh-keygen -A does not recreate broken zero-sized host keys

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jun 30 14:29:33 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2561

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3003|ok?(dtucker at zip.com.au)     |ok-
              Flags|                            |

--- Comment #12 from Darren Tucker <dtucker at zip.com.au> ---
Comment on attachment 3003
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3003
update to current

>+		public = private = NULL;
>+		xasprintf(&prv_tmp, "%s%s.XXXXXXXXXX",
>+		    identity_file, key_types[i].path);
>+		xasprintf(&pub_tmp, "%s%s.pub.XXXXXXXXXX",
>+		    identity_file, key_types[i].path);
>+		xasprintf(&prv_file, "%s%s",
>+		    identity_file, key_types[i].path);
>+		xasprintf(&pub_file, "%s%s.pub",
>+		    identity_file, key_types[i].path);
>+
>+		if (stat(prv_file, &st) == 0) {
>+			if (st.st_size != 0)
>+				continue;

This will leak prv_tmp and friends in the case where the key already
exists.
The next iteration of the loop will allocate them again, leaking the
first.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list