lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00
Code Activity

messages: Make sure we always free the answers pointer

Browse Source 
Found by ozz-fuzz

BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1272

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Andreas Schneider
2017-04-26 10:55:25 +02:00
parent 7c79b5c154
commit abbd6e304a
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/messages.c
View File

@@ -969,7 +969,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
goto error;
}
} else if (session->kbdint->nanswers > 0) {
} else if (session->kbdint->answers != NULL) {
uint32_t n;
for (n = 0; n < session->kbdint->nanswers; n++) {
@@ -998,7 +998,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
}
session->kbdint->nanswers = nanswers;
session->kbdint->answers = calloc(1, nanswers * sizeof(char *));
session->kbdint->answers = calloc(nanswers, sizeof(char *));
if (session->kbdint->answers == NULL) {
session->kbdint->nanswers = 0;
ssh_set_error_oom(session);