diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2018-08-04 00:55:07 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2018-08-04 00:55:07 +0000 |
| commit | 1021402083c653207ddaa1641e1e387758e873e1 (patch) | |
| tree | 1a32d59cfb901a85ff81312c158568970cd50f49 | |
| parent | cc2b87268f69fd4b4ad76ef49ce523aa91cb8b4b (diff) | |
invalidate dh->priv_key after freeing it in error path; avoids
unlikely double-free later. Reported by Viktor Dukhovni via
https://github.com/openssh/openssh-portable/pull/96
feedback jsing@ tb@
| -rw-r--r-- | usr.bin/ssh/dh.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/usr.bin/ssh/dh.c b/usr.bin/ssh/dh.c index 9ebde8f7a0f..4b55d18b011 100644 --- a/usr.bin/ssh/dh.c +++ b/usr.bin/ssh/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.65 2018/06/26 11:23:59 millert Exp $ */ +/* $OpenBSD: dh.c,v 1.66 2018/08/04 00:55:06 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -275,6 +275,7 @@ dh_gen_key(DH *dh, int need) if (DH_generate_key(dh) == 0 || !dh_pub_is_valid(dh, dh->pub_key)) { BN_clear_free(dh->priv_key); + dh->priv_key = NULL; return SSH_ERR_LIBCRYPTO_ERROR; } return 0; |