[PATCH 2/4] dh-gex: fix double-ssh_dh_init_common memory leak


Fix a memory leak whereby the x, y, and k bignum fields within
a session's next_crypto structure were being unintentionally
initialized twice.

The leak can be seen before the fix with valgrind and the pkd
tests with:

    valgrind \
      --leak-check=full \
      --show-leak-kinds=definite \
      ./pkd_hello -i1 -t torture_pkd_openssh_rsa_rsa_diffie_hellman_group_exchange_sha256

Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
 src/dh-gex.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/dh-gex.c b/src/dh-gex.c
index a52be036..cbe7e02c 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -552,12 +552,6 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
         goto error;
     }
 
-    rc = ssh_dh_init_common(session);
-    if (rc != SSH_OK){
-        ssh_set_error_oom(session);
-        goto error;
-    }
-
     /* Minimum group size, preferred group size, maximum group size */
     rc = ssh_buffer_unpack(packet, "ddd", &pmin, &pn, &pmax);
     if (rc != SSH_OK){
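Review bot: with the ssh_dh_init_common(session) call deleted from the top of ssh_packet_server_dhgex_request, nothing visible in this handler initializes x, y and k any more, and the commit message does not name the call site that remains. Please state in the message which earlier call sets up those next_crypto fields on the server path, so a reader can confirm they are initialized exactly once before the ssh_buffer_unpack(packet, "ddd", ...) step runs. It would also help to confirm that the remaining call reports failure the way the deleted "ssh_set_error_oom(session); goto error;" branch did.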
-- 
2.19.1.593.gc670b1f


References:
[PATCH 0/4] dh-gex + dh: fix a couple of leaks (Jon Simons <jon@xxxxxxxxxxxxx>)