summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorKevin Steves <stevesk@cvs.openbsd.org>2005-10-17 13:45:06 +0000
committerKevin Steves <stevesk@cvs.openbsd.org>2005-10-17 13:45:06 +0000
commitb8cfd2403519ed010e5b24e3fe2886d1d8cfa82a (patch)
tree69bc9ea926475a045f9d06d40928e8400e7b208d /usr.bin
parent2c6a151cc2ee6b21afcd22d05a54b467e32e0339 (diff)
fix memory leaks from 2 sources:
1) key_fingerprint_raw() 2) malloc in dns_read_rdata() ok jakob@
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/dns.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/usr.bin/ssh/dns.c b/usr.bin/ssh/dns.c
index a62f4390084..4ff9ef3f496 100644
--- a/usr.bin/ssh/dns.c
+++ b/usr.bin/ssh/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.13 2005/10/13 19:13:41 stevesk Exp $ */
+/* $OpenBSD: dns.c,v 1.14 2005/10/17 13:45:05 stevesk Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -41,7 +41,7 @@
#include "dns.h"
#include "log.h"
-RCSID("$OpenBSD: dns.c,v 1.13 2005/10/13 19:13:41 stevesk Exp $");
+RCSID("$OpenBSD: dns.c,v 1.14 2005/10/17 13:45:05 stevesk Exp $");
#ifndef LWRES
static const char *errset_text[] = {
@@ -93,12 +93,14 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
*algorithm = SSHFP_KEY_DSA;
break;
default:
- *algorithm = SSHFP_KEY_RESERVED;
+ *algorithm = SSHFP_KEY_RESERVED; /* 0 */
}
if (*algorithm) {
*digest_type = SSHFP_HASH_SHA1;
*digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len);
+ if (*digest == NULL)
+ fatal("dns_read_key: null from key_fingerprint_raw()");
success = 1;
} else {
*digest_type = SSHFP_HASH_RESERVED;
@@ -131,7 +133,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
*digest = (u_char *) xmalloc(*digest_len);
memcpy(*digest, rdata + 2, *digest_len);
} else {
- *digest = NULL;
+ *digest = xstrdup("");
}
success = 1;
@@ -245,8 +247,10 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
*flags |= DNS_VERIFY_MATCH;
}
}
+ xfree(dnskey_digest);
}
+ xfree(hostkey_digest); /* from key_fingerprint_raw() */
freerrset(fingerprints);
if (*flags & DNS_VERIFY_FOUND)
@@ -289,6 +293,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
for (i = 0; i < rdata_digest_len; i++)
fprintf(f, "%02x", rdata_digest[i]);
fprintf(f, "\n");
+ xfree(rdata_digest); /* from key_fingerprint_raw() */
success = 1;
} else {
error("dns_export_rr: unsupported algorithm");