lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-30 13:01:23 +03:00
Code Activity

pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaks

Browse Source 
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields.
Fix a bug where the initial 'r' and 's' bignums were being overwritten with
newly-allocated bignums, resulting in a memory leak.

BUG: https://red.libssh.org/issues/175

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jon Simons
2014-10-05 05:59:54 -07:00
committed by Andreas Schneider
parent a48711ae7e
commit 4745d652b5
3 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/pki_crypto.c
View File

@@ -1421,7 +1421,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_print_hexa("r", ssh_string_data(r), ssh_string_len(r));
#endif
sig->ecdsa_sig->r = make_string_bn(r);
make_string_bn_inplace(r, sig->ecdsa_sig->r);
ssh_string_burn(r);
ssh_string_free(r);
if (sig->ecdsa_sig->r == NULL) {
@@ -1442,7 +1442,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_print_hexa("s", ssh_string_data(s), ssh_string_len(s));
#endif
sig->ecdsa_sig->s = make_string_bn(s);
make_string_bn_inplace(s, sig->ecdsa_sig->s);
ssh_string_burn(s);
ssh_string_free(s);
if (sig->ecdsa_sig->s == NULL) {