diff options
| author | Darren Tucker <dtucker@cvs.openbsd.org> | 2017-03-10 03:45:41 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2017-03-10 03:45:41 +0000 |
| commit | 729bad4fcbee04224bf8248a982c62c5dfe263ed (patch) | |
| tree | 41f7abed809b807fa978d8cecde5d0eb24dce0f8 /usr.bin | |
| parent | b53de0fc5b7c25d54cc2307c9e596961dfbf40bd (diff) | |
Plug some mem leaks mostly on error paths. From jjelen at redhat.com
via bz#2687, ok djm@
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/kex.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 9b7753b441c..d6366ed2f93 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.128 2017/02/03 23:01:19 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.129 2017/03/10 03:45:40 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -158,7 +158,7 @@ kex_names_valid(const char *names) char * kex_names_cat(const char *a, const char *b) { - char *ret = NULL, *tmp = NULL, *cp, *p; + char *ret = NULL, *tmp = NULL, *cp, *p, *m; size_t len; if (a == NULL || *a == '\0') @@ -175,8 +175,10 @@ kex_names_cat(const char *a, const char *b) } strlcpy(ret, a, len); for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { - if (match_list(ret, p, NULL) != NULL) + if ((m = match_list(ret, p, NULL)) != NULL) { + free(m); continue; /* Algorithm already present */ + } if (strlcat(ret, ",", len) >= len || strlcat(ret, p, len) >= len) { free(tmp); @@ -629,8 +631,10 @@ choose_enc(struct sshenc *enc, char *client, char *server) if (name == NULL) return SSH_ERR_NO_CIPHER_ALG_MATCH; - if ((enc->cipher = cipher_by_name(name)) == NULL) + if ((enc->cipher = cipher_by_name(name)) == NULL) { + free(name); return SSH_ERR_INTERNAL_ERROR; + } enc->name = name; enc->enabled = 0; enc->iv = NULL; @@ -648,8 +652,10 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server) if (name == NULL) return SSH_ERR_NO_MAC_ALG_MATCH; - if (mac_setup(mac, name) < 0) + if (mac_setup(mac, name) < 0) { + free(name); return SSH_ERR_INTERNAL_ERROR; + } /* truncate the key */ if (ssh->compat & SSH_BUG_HMAC) mac->key_len = 16; @@ -673,6 +679,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server) } else if (strcmp(name, "none") == 0) { comp->type = COMP_NONE; } else { + free(name); return SSH_ERR_INTERNAL_ERROR; } comp->name = name; |