diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2013-06-20 19:15:07 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2013-06-20 19:15:07 +0000 |
| commit | de9cdc2692a7e10e109251065a4f42d478e33297 (patch) | |
| tree | b91468972f3576c4b936306ec0521074a979d472 | |
| parent | d621564b19d5f6a79c9bda68467d6096d2d9069f (diff) | |
don't leak the rdata blob on errors; ok djm@
| -rw-r--r-- | usr.bin/ssh/krl.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/usr.bin/ssh/krl.c b/usr.bin/ssh/krl.c index 6bae7dd30e7..ab2d8ca8a52 100644 --- a/usr.bin/ssh/krl.c +++ b/usr.bin/ssh/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.11 2013/04/05 00:14:00 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.12 2013/06/20 19:15:06 markus Exp $ */ #include <sys/types.h> #include <sys/param.h> @@ -885,9 +885,10 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, char timestamp[64]; int ret = -1, r, sig_seen; Key *key = NULL, **ca_used = NULL; - u_char type, *blob; - u_int i, j, sig_off, sects_off, blen, format_version, nca_used = 0; + u_char type, *blob, *rdata = NULL; + u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used; + nca_used = 0; *krlp = NULL; if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 || memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { @@ -1013,21 +1014,22 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, case KRL_SECTION_EXPLICIT_KEY: case KRL_SECTION_FINGERPRINT_SHA1: while (buffer_len(§) > 0) { - if ((blob = buffer_get_string_ret(§, - &blen)) == NULL) { + if ((rdata = buffer_get_string_ret(§, + &rlen)) == NULL) { error("%s: buffer error", __func__); goto out; } if (type == KRL_SECTION_FINGERPRINT_SHA1 && - blen != 20) { + rlen != 20) { error("%s: bad SHA1 length", __func__); goto out; } if (revoke_blob( type == KRL_SECTION_EXPLICIT_KEY ? &krl->revoked_keys : &krl->revoked_sha1s, - blob, blen) != 0) - goto out; /* revoke_blob frees blob */ + rdata, rlen) != 0) + goto out; + rdata = NULL; /* revoke_blob frees blob */ } break; case KRL_SECTION_SIGNATURE: @@ -1093,6 +1095,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, key_free(ca_used[i]); } free(ca_used); + free(rdata); if (key != NULL) key_free(key); buffer_free(©); |