Fixed memory leak in userauth_publickey().
userauth_publickey_fromfile() reads the key from a file using file_read_publickey() which returns two allocated strings, the decoded key and the key method (such as "ssh-dss"). The latter can be derived from the former but returning both avoids a later allocation while doing so. Older versions of userauth_publickey_fromfile() used this method string directly but when userauth_publickey() was factored out of userauth_publickey_fromfile() it derived the method from the key itself. This resulted in the method being allocated twice. This fix, which maintains the optimisation that avoids an extra allocation, changes userauth_publickey() so it doesn't allocate and derive the method when userauth_pblc_method already has a value. Signed-off-by: Alexander Lamaison <awl03@doc.ic.ac.uk>
Этот коммит содержится в:
Alexander Lamaison
родитель
7926c9cfaa
Коммит
73e37b3b49
@ -41,6 +41,8 @@
|
|||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
|
#include <assert.h>
|
||||||
|
|
||||||
/* Needed for struct iovec on some platforms */
|
/* Needed for struct iovec on some platforms */
|
||||||
#ifdef HAVE_SYS_UIO_H
|
#ifdef HAVE_SYS_UIO_H
|
||||||
#include <sys/uio.h>
|
#include <sys/uio.h>
|
||||||
@ -469,7 +471,10 @@ libssh2_userauth_password_ex(LIBSSH2_SESSION *session, const char *username,
|
|||||||
*
|
*
|
||||||
* Read a public key from an id_???.pub style file
|
* Read a public key from an id_???.pub style file
|
||||||
*
|
*
|
||||||
* Returns an allocated string in *pubkeydata on success.
|
* Returns an allocated string containing the decoded key in *pubkeydata
|
||||||
|
* on success.
|
||||||
|
* Returns an allocated string containing the key method (e.g. "ssh-dss")
|
||||||
|
* in method on success.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
file_read_publickey(LIBSSH2_SESSION * session, unsigned char **method,
|
file_read_publickey(LIBSSH2_SESSION * session, unsigned char **method,
|
||||||
@ -948,16 +953,27 @@ userauth_publickey(LIBSSH2_SESSION *session,
|
|||||||
memset(&session->userauth_pblc_packet_requirev_state, 0,
|
memset(&session->userauth_pblc_packet_requirev_state, 0,
|
||||||
sizeof(session->userauth_pblc_packet_requirev_state));
|
sizeof(session->userauth_pblc_packet_requirev_state));
|
||||||
|
|
||||||
session->userauth_pblc_method_len = _libssh2_ntohu32(pubkeydata);
|
/*
|
||||||
session->userauth_pblc_method =
|
* As an optimisation, userauth_publickey_fromfile reuses a
|
||||||
LIBSSH2_ALLOC(session, session->userauth_pblc_method_len);
|
* previously allocated copy of the method name to avoid an extra
|
||||||
|
* allocation/free.
|
||||||
|
* For other uses, we allocate and populate it here.
|
||||||
|
*/
|
||||||
if (!session->userauth_pblc_method) {
|
if (!session->userauth_pblc_method) {
|
||||||
libssh2_error(session, LIBSSH2_ERROR_ALLOC,
|
session->userauth_pblc_method_len = _libssh2_ntohu32(pubkeydata);
|
||||||
"Unable to allocate memory for public key data", 0);
|
session->userauth_pblc_method =
|
||||||
return -1;
|
LIBSSH2_ALLOC(session, session->userauth_pblc_method_len);
|
||||||
|
if (!session->userauth_pblc_method) {
|
||||||
|
libssh2_error(session, LIBSSH2_ERROR_ALLOC,
|
||||||
|
"Unable to allocate memory for public key "
|
||||||
|
"data", 0);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
memcpy(session->userauth_pblc_method, pubkeydata + 4,
|
||||||
|
session->userauth_pblc_method_len);
|
||||||
}
|
}
|
||||||
memcpy(session->userauth_pblc_method, pubkeydata + 4,
|
assert( /* preallocated method len should match what we expect */
|
||||||
session->userauth_pblc_method_len);
|
session->userauth_pblc_method_len == _libssh2_ntohu32(pubkeydata));
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 45 = packet_type(1) + username_len(4) + servicename_len(4) +
|
* 45 = packet_type(1) + username_len(4) + servicename_len(4) +
|
||||||
|
|||||||
Загрузка…
x
Ссылка в новой задаче
Block a user