diff options
| author | Kevin Steves <stevesk@cvs.openbsd.org> | 2001-01-22 17:22:29 +0000 |
|---|---|---|
| committer | Kevin Steves <stevesk@cvs.openbsd.org> | 2001-01-22 17:22:29 +0000 |
| commit | 85db479b2362c15a2266e01737d835e86cda1b1e (patch) | |
| tree | 91f1f1dca395a87ec377b666406c9c9be4afd086 | |
| parent | e25b9a0a7c8609c4a4c01d93e53cb802d378d433 (diff) | |
fix memory leaks in SSH2 key exchange; ok markus@
| -rw-r--r-- | usr.bin/ssh/sshconnect2.c | 8 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd.c | 6 |
2 files changed, 12 insertions, 2 deletions
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 6f41b987a12..1b442287660 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.37 2001/01/21 19:06:00 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.38 2001/01/22 17:22:28 stevesk Exp $"); #include <openssl/bn.h> #include <openssl/md5.h> @@ -248,6 +248,7 @@ ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, ); xfree(server_host_key_blob); DH_free(dh); + BN_free(dh_server_pub); #ifdef DEBUG_KEXDH fprintf(stderr, "hash == "); for (i = 0; i< 20; i++) @@ -257,8 +258,10 @@ ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1) fatal("key_verify failed for server_host_key"); key_free(server_host_key); + xfree(signature); kex_derive_keys(kex, hash, shared_secret); + BN_clear_free(shared_secret); packet_set_kex(kex); /* save session id */ @@ -420,6 +423,7 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr, ); xfree(server_host_key_blob); DH_free(dh); + BN_free(dh_server_pub); #ifdef DEBUG_KEXDH fprintf(stderr, "hash == "); for (i = 0; i< 20; i++) @@ -429,8 +433,10 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr, if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1) fatal("key_verify failed for server_host_key"); key_free(server_host_key); + xfree(signature); kex_derive_keys(kex, hash, shared_secret); + BN_clear_free(shared_secret); packet_set_kex(kex); /* save session id */ diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 21b0cdbe3ca..3790acb0161 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.155 2001/01/21 19:06:00 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.156 2001/01/22 17:22:28 stevesk Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -1507,6 +1507,7 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) buffer_free(server_kexinit); xfree(client_kexinit); xfree(server_kexinit); + BN_free(dh_client_pub); #ifdef DEBUG_KEXDH fprintf(stderr, "hash == "); for (i = 0; i< 20; i++) @@ -1536,6 +1537,7 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) packet_write_wait(); kex_derive_keys(kex, hash, shared_secret); + BN_clear_free(shared_secret); packet_set_kex(kex); /* have keys, free DH */ @@ -1649,6 +1651,7 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) buffer_free(server_kexinit); xfree(client_kexinit); xfree(server_kexinit); + BN_free(dh_client_pub); #ifdef DEBUG_KEXDH fprintf(stderr, "hash == "); for (i = 0; i< 20; i++) @@ -1678,6 +1681,7 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) packet_write_wait(); kex_derive_keys(kex, hash, shared_secret); + BN_clear_free(shared_secret); packet_set_kex(kex); /* have keys, free DH */ |