diff options
| author |   djm <djm@openbsd.org> | 2021-01-27 23:49:46 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2021-01-27 23:49:46 +0000 |
| commit | 3a4af11b14f7074e31c6f73eb6b46280b53d4b48 (patch) | |
| tree | d3fbc048797c1de74b5dadb32f97c23b07e0e64f | |
| parent | update comment, SMALL was split into SMALL and NOSSL (diff) | |
| download | wireguard-openbsd-3a4af11b14f7074e31c6f73eb6b46280b53d4b48.tar.xz wireguard-openbsd-3a4af11b14f7074e31c6f73eb6b46280b53d4b48.zip | |
fix leak: was double allocating kex->session_id buffer
| -rw-r--r-- | usr.bin/ssh/kex.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index bc67619108c..8f019d51da5 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.165 2021/01/27 10:05:28 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.166 2021/01/27 23:49:46 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -1051,13 +1051,15 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen, /* save initial hash as session id */ if ((kex->flags & KEX_INITIAL) != 0) { - if ((kex->session_id = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; + if (sshbuf_len(kex->session_id) != 0) { + error_f("already have session ID at kex"); + return SSH_ERR_INTERNAL_ERROR; + } if ((r = sshbuf_put(kex->session_id, hash, hashlen)) != 0) return r; } else if (sshbuf_len(kex->session_id) == 0) { error_f("no session ID in rekex"); - return SSH_ERR_INTERNAL_ERROR; + return SSH_ERR_INTERNAL_ERROR; } for (i = 0; i < NKEYS; i++) { if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen, |