tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: double free() in error path; from Eusgor via GHPR333 

OpenBSD-Commit-ID: 39f35e16ba878c8d02b4d01d8826d9b321be26d4
This commit is contained in:
djm@openbsd.org 2022-08-19 03:06:30 +00:00 committed by Damien Miller
parent 5a5c580b48
commit 5062ad4881
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sshsig.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshsig.c,v 1.29 2022/03/30 04:27:51 djm Exp $ */ /* $OpenBSD: sshsig.c,v 1.30 2022/08/19 03:06:30 djm Exp $ */
/* /*
* Copyright (c) 2019 Google LLC * Copyright (c) 2019 Google LLC
* *
@ -491,7 +491,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
{ {
char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH]; char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH];
ssize_t n, total = 0; ssize_t n, total = 0;
struct ssh_digest_ctx *ctx; struct ssh_digest_ctx *ctx = NULL;
int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR; int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR;
struct sshbuf *b = NULL; struct sshbuf *b = NULL;
@ -514,7 +514,6 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
continue; continue;
oerrno = errno; oerrno = errno;
error_f("read: %s", strerror(errno)); error_f("read: %s", strerror(errno));
ssh_digest_free(ctx);
errno = oerrno; errno = oerrno;
r = SSH_ERR_SYSTEM_ERROR; r = SSH_ERR_SYSTEM_ERROR;
goto out; goto out;
@ -549,9 +548,11 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
/* success */ /* success */
r = 0; r = 0;
out: out:
oerrno = errno;
sshbuf_free(b); sshbuf_free(b);
ssh_digest_free(ctx); ssh_digest_free(ctx);
explicit_bzero(hash, sizeof(hash)); explicit_bzero(hash, sizeof(hash));
errno = oerrno;
return r; return r;
} }