From 7798d39187b5d586c9a9edfffd43a0a0faf5cfc4 Mon Sep 17 00:00:00 2001 From: Jon Simons Date: Fri, 25 May 2018 03:56:54 -0700 Subject: [PATCH] dh: fix two leaks in `ssh_get_pubkey_hash` Fix two memory leaks in `ssh_get_pubkey_hash` for some error paths. The local `h` buffer and `ctx` MD5 context each must be free'd for the SSH_ERROR cases. Introduced with 16217454d576511f37f39c3169963629f9d5082f. Signed-off-by: Jon Simons Reviewed-by: Andreas Schneider --- src/dh.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/dh.c b/src/dh.c index d1523442..e059fef1 100644 --- a/src/dh.c +++ b/src/dh.c @@ -1008,15 +1008,20 @@ int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash) { } rc = ssh_get_server_publickey(session, &pubkey); - if (rc != 0) { + if (rc != SSH_OK) { + md5_final(h, ctx); SAFE_FREE(h); return SSH_ERROR; } rc = ssh_pki_export_pubkey_blob(pubkey, &pubkey_blob); ssh_key_free(pubkey); - if (rc != 0) { + if (rc != SSH_OK) { + md5_final(h, ctx); + SAFE_FREE(h); + return SSH_ERROR; } + md5_update(ctx, ssh_string_data(pubkey_blob), ssh_string_len(pubkey_blob)); ssh_string_free(pubkey_blob); md5_final(h, ctx);