[openssh-commits] [openssh] branch master updated: upstream: avoid leak of fingerprint on error path; from Lidong Yan via

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Nov 25 11:57:46 AEDT 2025 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

The following commit(s) were added to refs/heads/master by this push:
     new c23122c5e upstream: avoid leak of fingerprint on error path; from Lidong Yan via
c23122c5e is described below

commit c23122c5ea7348b7b6daa2982e53c201a5354007
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Tue Nov 25 00:57:04 2025 +0000

    upstream: avoid leak of fingerprint on error path; from Lidong Yan via
    
    GHPR611
    
    OpenBSD-Commit-ID: 253f6f7d729d8636da23ac9925b60b494e85a810
---
 hostfile.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hostfile.c b/hostfile.c
index 4cec57da5..033b29104 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.99 2025/05/06 05:40:56 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.100 2025/11/25 00:57:04 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -626,7 +626,7 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
 	int r, fd, oerrno = 0;
 	int loglevel = quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_VERBOSE;
 	struct host_delete_ctx ctx;
-	char *fp, *temp = NULL, *back = NULL;
+	char *fp = NULL, *temp = NULL, *back = NULL;
 	const char *what;
 	mode_t omask;
 	size_t i;
@@ -715,6 +715,7 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
 		    host, ip == NULL ? "" : ",", ip == NULL ? "" : ip, filename,
 		    sshkey_ssh_name(keys[i]), fp);
 		free(fp);
+		fp = NULL;
 		ctx.modified = 1;
 	}
 	fclose(ctx.out);
@@ -755,6 +756,7 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
 		unlink(temp);
 	free(temp);
 	free(back);
+	free(fp);
 	if (ctx.out != NULL)
 		fclose(ctx.out);
 	free(ctx.match_keys);

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list