[openssh-commits] [openssh] branch master updated: upstream: fix leak of CanonicalizePermittedCNAMEs on error path;

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Mar 4 15:19:34 AEDT 2024 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

The following commit(s) were added to refs/heads/master by this push:
     new 3deb501f upstream: fix leak of CanonicalizePermittedCNAMEs on error path;
3deb501f is described below

commit 3deb501f86fc47e175ef6a3eaba9b9846a80d444
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Mon Mar 4 04:13:18 2024 +0000

    upstream: fix leak of CanonicalizePermittedCNAMEs on error path;
    
    spotted by Coverity (CID 438039)
    
    OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af
---
 readconf.c | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/readconf.c b/readconf.c
index 804fcca2..3a64a044 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.385 2024/03/04 02:16:11 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.386 2024/03/04 04:13:18 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -890,6 +890,20 @@ parse_token(const char *cp, const char *filename, int linenum,
 	return oBadOption;
 }
 
+static void
+free_canon_cnames(struct allowed_cname *cnames, u_int n)
+{
+	u_int i;
+
+	if (cnames == NULL || n == 0)
+		return;
+	for (i = 0; i < n; i++) {
+		free(cnames[i].source_list);
+		free(cnames[i].target_list);
+	}
+	free(cnames);
+}
+
 /* Multistate option parsing */
 struct multistate {
 	char *key;
@@ -2160,13 +2174,10 @@ parse_pubkey_algos:
 		if (found && *activep) {
 			options->permitted_cnames = cnames;
 			options->num_permitted_cnames = ncnames;
-		} else {
-			for (i = 0; i < ncnames; i++) {
-				free(cnames[i].source_list);
-				free(cnames[i].target_list);
-			}
-			free(cnames);
+			cnames = NULL; /* transferred */
+			ncnames = 0;
 		}
+		/* un-transferred cnames is cleaned up before exit */
 		break;
 
 	case oCanonicalizeHostname:
@@ -2405,6 +2416,7 @@ parse_pubkey_algos:
 	/* success */
 	ret = 0;
  out:
+	free_canon_cnames(cnames, ncnames);
 	opt_array_free2(strs, NULL, nstrs);
 	argv_free(oav, oac);
 	return ret;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list