Mercurial > dropbear

changeset 1609:a57822db3eac

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix leaks in kex fuzzers
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Mar 2018 23:16:37 +0800
parents 97335566a3bb
children 96e4c9b2cc00 0196f4f83fee
files fuzzer-kexdh.c fuzzer-kexecdh.c
diffstat 2 files changed, 10 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/fuzzer-kexdh.c	Fri Mar 09 20:43:11 2018 +0800
+++ b/fuzzer-kexdh.c	Fri Mar 09 23:16:37 2018 +0800
@@ -57,10 +57,14 @@
 		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
 		kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey);
 
-		/* kexhashbuf is freed in kexdh_comb_key */
+		mp_clear(ses.dh_K);
 		m_free(ses.dh_K);
 		mp_clear(&dh_e);
 
+		buf_free(ses.hash);
+		buf_free(ses.session_id);
+		/* kexhashbuf is freed in kexdh_comb_key */
+
 		m_malloc_free_epoch(1, 0);
 	} else {
 		m_malloc_free_epoch(1, 1);
--- a/fuzzer-kexecdh.c	Fri Mar 09 20:43:11 2018 +0800
+++ b/fuzzer-kexecdh.c	Fri Mar 09 23:16:37 2018 +0800
@@ -63,10 +63,14 @@
 		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
 		kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
 
-		/* kexhashbuf is freed in kexdh_comb_key */
+		mp_clear(ses.dh_K);
 		m_free(ses.dh_K);
 		buf_free(ecdh_qs);
 
+		buf_free(ses.hash);
+		buf_free(ses.session_id);
+		/* kexhashbuf is freed in kexdh_comb_key */
+
 		m_malloc_free_epoch(1, 0);
 	} else {
 		m_malloc_free_epoch(1, 1);