- djm@cvs.openbsd.org 2005/11/05 05:01:15

[bufaux.c]
     Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
     cs.stanford.edu; ok dtucker@

ChangeLog

@@ -98,6 +98,10 @@
      remove hardcoded hash lengths in key exchange code, allowing
      implementation of KEX methods with different hashes (e.g. SHA-256);
      ok markus@ dtucker@ stevesk@
+   - djm@cvs.openbsd.org 2005/11/05 05:01:15
+     [bufaux.c]
+     Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
+     cs.stanford.edu; ok dtucker@
 
 20051102
  - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
@@ -3231,4 +3235,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3951 2005/11/05 04:19:35 djm Exp $
+$Id: ChangeLog,v 1.3952 2005/11/05 05:04:36 djm Exp $

bufaux.c

@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.37 2005/11/05 05:01:15 djm Exp $");
 
 #include <openssl/bn.h>
 #include "bufaux.h"
@@ -63,6 +63,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
 	if (oi != bin_size) {
 		error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
 		    oi, bin_size);
+		xfree(buf);
 		return (-1);
 	}
 
@@ -187,10 +188,12 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
 
 	if (len > 0 && (bin[0] & 0x80)) {
 		error("buffer_get_bignum2_ret: negative numbers not supported");
+		xfree(bin);
 		return (-1);
 	}
 	if (len > 8 * 1024) {
 		error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
+		xfree(bin);
 		return (-1);
 	}
 	BN_bin2bn(bin, len, value);