1
1

Fix doublefree bug found by Cyril

Этот коммит содержится в:
Aris Adamantiadis 2009-06-21 19:25:51 +02:00
родитель 77cd4795c5
Коммит bab8508eba

Просмотреть файл

@ -221,6 +221,7 @@ static int dh_handshake(SSH_SESSION *session) {
}
string_burn(e);
string_free(e);
e=NULL;
rc = packet_send(session);
if (rc == SSH_ERROR) {
@ -261,7 +262,7 @@ static int dh_handshake(SSH_SESSION *session) {
}
string_burn(f);
string_free(f);
f=NULL;
signature = buffer_get_ssh_string(session->in_buffer);
if (signature == NULL) {
ssh_set_error(session, SSH_FATAL, "No signature in packet");
@ -332,13 +333,14 @@ static int dh_handshake(SSH_SESSION *session) {
/* forget it for now ... */
string_burn(signature);
string_free(signature);
signature=NULL;
/*
* Once we got SSH2_MSG_NEWKEYS we can switch next_crypto and
* current_crypto
*/
if (session->current_crypto) {
crypto_free(session->current_crypto);
session->current_crypto=NULL;
}
/* FIXME later, include a function to change keys */
@ -364,14 +366,22 @@ static int dh_handshake(SSH_SESSION *session) {
/* not reached */
error:
if(e != NULL){
string_burn(e);
string_free(e);
}
if(f != NULL){
string_burn(f);
string_free(f);
}
if(pubkey != NULL){
string_burn(pubkey);
string_free(pubkey);
}
if(signature != NULL){
string_burn(signature);
string_free(signature);
}
leave_function();
return rc;