From 09c5e59933daf67b833f34b8c388766abc038483 Mon Sep 17 00:00:00 2001
From: Hannes Domani
Date: Wed, 1 Apr 2015 18:44:16 +0200
Subject: [PATCH] kex: fix libgcrypt memory leaks of bignum

Fixes #168.
---
 src/kex.c | 10 +++++-----
 src/libgcrypt.h | 1 +
 src/openssl.h | 1 +
 src/wincng.h | 2 ++
 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/kex.c b/src/kex.c
index 301a54fd..08faf723 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -96,7 +96,7 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
 exchange_state->ctx = _libssh2_bn_ctx_new();
 exchange_state->x = _libssh2_bn_init(); /* Random from client */
 exchange_state->e = _libssh2_bn_init(); /* g^x mod p */
- exchange_state->f = _libssh2_bn_init(); /* g^(Random from server) mod p */
+ exchange_state->f = _libssh2_bn_init_from_bin(); /* g^(Random from server) mod p */
 exchange_state->k = _libssh2_bn_init(); /* The shared secret: f^x mod p */
 /* Zero the whole thing out */
@@ -715,7 +715,7 @@ kex_method_diffie_hellman_group1_sha1_key_exchange(LIBSSH2_SESSION *session,
 if (key_state->state == libssh2_NB_state_idle) {
 /* g == 2 */
- key_state->p = _libssh2_bn_init(); /* SSH2 defined value (p_value) */
+ key_state->p = _libssh2_bn_init_from_bin(); /* SSH2 defined value (p_value) */
 key_state->g = _libssh2_bn_init(); /* SSH2 defined value (2) */
 /* Initialize P and G */
@@ -790,7 +790,7 @@ kex_method_diffie_hellman_group14_sha1_key_exchange(LIBSSH2_SESSION *session,
 int ret;
 if (key_state->state == libssh2_NB_state_idle) {
- key_state->p = _libssh2_bn_init(); /* SSH2 defined value (p_value) */
+ key_state->p = _libssh2_bn_init_from_bin(); /* SSH2 defined value (p_value) */
 key_state->g = _libssh2_bn_init(); /* SSH2 defined value (2) */
 /* g == 2 */
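Review bot: Under the libgcrypt backend `exchange_state->f` is now a NULL handle from this assignment until the server's value is converted into it, and nothing at the assignment documents or enforces that ordering. diffie_hellman_sha1 continues well past this hunk, so the diff alone does not show whether every early-exit and cleanup path in between tolerates a NULL bignum, or whether the result of the later conversion is checked; a conversion that fails would presumably now leave NULL, rather than an empty bignum, going into the f^x mod p step on peer-supplied data. I would record the rule where the handle is created, e.g. `/* stays NULL (libgcrypt) until the server's f is read with _libssh2_bn_from_bin() */`. The same applies to `key_state->p` in the group1 and group14 hunks and to `key_state->p` and `key_state->g` in the group-exchange hunk, where both values come from the peer.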
@@ -834,8 +834,8 @@ kex_method_diffie_hellman_group_exchange_sha1_key_exchange
 int rc;
 if (key_state->state == libssh2_NB_state_idle) {
- key_state->p = _libssh2_bn_init();
- key_state->g = _libssh2_bn_init();
+ key_state->p = _libssh2_bn_init_from_bin();
+ key_state->g = _libssh2_bn_init_from_bin();
 /* Ask for a P and G pair */
 #ifdef LIBSSH2_DH_GEX_NEW
 key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST;
diff --git a/src/libgcrypt.h b/src/libgcrypt.h
index ee9be5e6..f9da52bb 100644
--- a/src/libgcrypt.h
+++ b/src/libgcrypt.h
@@ -149,6 +149,7 @@
 #define _libssh2_bn_ctx_new() 0
 #define _libssh2_bn_ctx_free(bnctx) ((void)0)
 #define _libssh2_bn_init() gcry_mpi_new(0)
+#define _libssh2_bn_init_from_bin() NULL /* because gcry_mpi_scan() creates a new bignum */
 #define _libssh2_bn_rand(bn, bits, top, bottom) gcry_mpi_randomize (bn, bits, GCRY_WEAK_RANDOM)
 #define _libssh2_bn_mod_exp(r, a, p, m, ctx) gcry_mpi_powm (r, a, p, m)
 #define _libssh2_bn_set_word(bn, val) gcry_mpi_set_ui(bn, val)
diff --git a/src/openssl.h b/src/openssl.h
index 9ff9f0ea..9d0e1e84 100644
--- a/src/openssl.h
+++ b/src/openssl.h
@@ -175,6 +175,7 @@ void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char
 #define _libssh2_bn_ctx_new() BN_CTX_new()
 #define _libssh2_bn_ctx_free(bnctx) BN_CTX_free(bnctx)
 #define _libssh2_bn_init() BN_new()
+#define _libssh2_bn_init_from_bin() _libssh2_bn_init()
 #define _libssh2_bn_rand(bn, bits, top, bottom) BN_rand(bn, bits, top, bottom)
 #define _libssh2_bn_mod_exp(r, a, p, m, ctx) BN_mod_exp(r, a, p, m, ctx)
 #define _libssh2_bn_set_word(bn, val) BN_set_word(bn, val)
diff --git a/src/wincng.h b/src/wincng.h
index e01bdf84..429192c6 100644
--- a/src/wincng.h
+++ b/src/wincng.h
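Review bot: In src/libgcrypt.h `_libssh2_bn_init_from_bin()` expands to a bare `NULL`, while the OpenSSL and WinCNG definitions return a live bignum, so code that is correct on those backends can hand NULL to a libgcrypt call if it touches the handle before the gcry_mpi_scan()-based conversion. The trailing comment explains why the value is NULL but not the rule callers must follow; I would put a comment above the macro instead, such as `/* Returns NULL: gcry_mpi_scan() allocates the bignum, so the handle may only be passed to _libssh2_bn_from_bin() next */`, and repeat the rule beside the aliases in openssl.h and wincng.h. Separately, the unchanged context line maps `_libssh2_bn_rand` to `gcry_mpi_randomize` with `GCRY_WEAK_RANDOM`; if that macro is what produces the client's DH secret x, it deserves a follow-up of its own.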
@@ -316,6 +316,8 @@ _libssh2_bn *_libssh2_wincng_bignum_init(void);
 #define _libssh2_bn_init() \
 _libssh2_wincng_bignum_init()
+#define _libssh2_bn_init_from_bin() \
+ _libssh2_bn_init()
 #define _libssh2_bn_rand(bn, bits, top, bottom) \
 _libssh2_wincng_bignum_rand(bn, bits, top, bottom)
 #define _libssh2_bn_mod_exp(r, a, p, m, ctx) \