messages: Do not leak memory if answered had been allocated previously

BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1184 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2025-11-29 01:03:57 +03:00 · 2017-04-21 11:12:10 +02:00
parent d5d8349224
commit c78c6c6542
1 changed files with 3 additions and 2 deletions
--- a/src/messages.c
+++ b/src/messages.c
@@ -988,7 +988,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
                " mismatch: p=%u a=%u", session->kbdint->nprompts, nanswers);
  }
  session->kbdint->nanswers = nanswers;
-  session->kbdint->answers = malloc(nanswers * sizeof(char *));
+
+  SAFE_FREE(session->kbdint->answers);
+  session->kbdint->answers = calloc(1, nanswers * sizeof(char *));
  if (session->kbdint->answers == NULL) {
    session->kbdint->nanswers = 0;
    ssh_set_error_oom(session);
@@ -997,7 +999,6 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){

    goto error;
  }
-  memset(session->kbdint->answers, 0, nanswers * sizeof(char *));

  for (i = 0; i < nanswers; i++) {
    tmp = ssh_buffer_get_ssh_string(packet);