[openssh-commits] [openssh] 01/01: upstream: backout 1.293 fix kex mem-leak in ssh_packet_close at markus

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Jun 27 20:23:33 AEST 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 14beca57ac92d62830c42444c26ba861812dc837
Author: semarie at openbsd.org <semarie at openbsd.org>
Date:   Fri Jun 26 11:26:01 2020 +0000

    upstream: backout 1.293 fix kex mem-leak in ssh_packet_close at markus
    
    request
    
    the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after
    calling ssh_packet_clear_keys())
    
    OpenBSD-Commit-ID: 9c9a6721411461b0b1c28dc00930d7251a798484
---
 packet.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/packet.c b/packet.c
index 4780356f..9ffd9f59 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.293 2020/06/24 15:12:09 markus Exp $ */
+/* $OpenBSD: packet.c,v 1.294 2020/06/26 11:26:01 semarie Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -616,8 +616,6 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
 		state->newkeys[mode] = NULL;
 		ssh_clear_newkeys(ssh, mode);		/* next keys */
 	}
-	kex_free(ssh->kex);
-	ssh->kex = NULL;
 #ifdef WITH_ZLIB
 	/* compression state is in shared mem, so we can only release it once */
 	if (do_close && state->compression_buffer) {

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list