[openssh-commits] [openssh] 02/02: upstream: fix leak: was double allocating kex->session_id buffer
git+noreply at mindrot.org
git+noreply at mindrot.org
Thu Jan 28 10:51:07 AEDT 2021
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit d983e1732b8135d7ee8d92290d6dce35f736ab88
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Jan 27 23:49:46 2021 +0000
upstream: fix leak: was double allocating kex->session_id buffer
OpenBSD-Commit-ID: 3765f4cc3ae1df874dba9102a3588ba7b48b8183
---
kex.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/kex.c b/kex.c
index 56c68449..b73f14d3 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.165 2021/01/27 10:05:28 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.166 2021/01/27 23:49:46 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -1068,13 +1068,15 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen,
/* save initial hash as session id */
if ((kex->flags & KEX_INITIAL) != 0) {
- if ((kex->session_id = sshbuf_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
+ if (sshbuf_len(kex->session_id) != 0) {
+ error_f("already have session ID at kex");
+ return SSH_ERR_INTERNAL_ERROR;
+ }
if ((r = sshbuf_put(kex->session_id, hash, hashlen)) != 0)
return r;
} else if (sshbuf_len(kex->session_id) == 0) {
error_f("no session ID in rekex");
- return SSH_ERR_INTERNAL_ERROR;
+ return SSH_ERR_INTERNAL_ERROR;
}
for (i = 0; i < NKEYS; i++) {
if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen,
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list