Mercurial > dropbear
comparison fuzzer-kexecdh.c @ 1609:a57822db3eac
Fix leaks in kex fuzzers
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 09 Mar 2018 23:16:37 +0800 |
| parents | 98d2b125eb89 |
| children |
comparison
equal
deleted
inserted
replaced
| 1608:97335566a3bb | 1609:a57822db3eac |
|---|---|
| 61 buffer * ecdh_qs = buf_getstringbuf(fuzz.input); | 61 buffer * ecdh_qs = buf_getstringbuf(fuzz.input); |
| 62 | 62 |
| 63 ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS); | 63 ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS); |
| 64 kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey); | 64 kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey); |
| 65 | 65 |
| 66 /* kexhashbuf is freed in kexdh_comb_key */ | 66 mp_clear(ses.dh_K); |
| 67 m_free(ses.dh_K); | 67 m_free(ses.dh_K); |
| 68 buf_free(ecdh_qs); | 68 buf_free(ecdh_qs); |
| 69 | |
| 70 buf_free(ses.hash); | |
| 71 buf_free(ses.session_id); | |
| 72 /* kexhashbuf is freed in kexdh_comb_key */ | |
| 69 | 73 |
| 70 m_malloc_free_epoch(1, 0); | 74 m_malloc_free_epoch(1, 0); |
| 71 } else { | 75 } else { |
| 72 m_malloc_free_epoch(1, 1); | 76 m_malloc_free_epoch(1, 1); |
| 73 TRACE(("dropbear_exit longjmped")) | 77 TRACE(("dropbear_exit longjmped")) |