diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2013-11-27 20:26:14 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2013-11-27 20:26:14 +0100 |
commit | fd185acbea7bf971c154cdb028e4951c6dbba369 (patch) | |
tree | 0c05372ef69bb6151bee7ba0167b59a14846ae30 /src/curve25519.c | |
parent | 7a4e8e58f038044264b37b9138610c3cc8088946 (diff) | |
download | libssh-fd185acbea7bf971c154cdb028e4951c6dbba369.tar.gz libssh-fd185acbea7bf971c154cdb028e4951c6dbba369.tar.xz libssh-fd185acbea7bf971c154cdb028e4951c6dbba369.zip |
curve25519: Fix memory leaks in ssh_server_curve25519_init().
CID #1125255
Diffstat (limited to 'src/curve25519.c')
-rw-r--r-- | src/curve25519.c | 43 |
1 files changed, 23 insertions, 20 deletions
diff --git a/src/curve25519.c b/src/curve25519.c index 8864035a..073bf1e9 100644 --- a/src/curve25519.c +++ b/src/curve25519.c @@ -195,44 +195,36 @@ int ssh_server_curve25519_init(ssh_session session, ssh_buffer packet){ rc = ssh_get_random(session->next_crypto->curve25519_privkey, CURVE25519_PRIVKEY_SIZE, 1); if (rc == 0){ - ssh_set_error(session, SSH_FATAL, "PRNG error"); - return SSH_ERROR; + ssh_set_error(session, SSH_FATAL, "PRNG error"); + return SSH_ERROR; } crypto_scalarmult_base(session->next_crypto->curve25519_server_pubkey, session->next_crypto->curve25519_privkey); - q_s_string = ssh_string_new(CURVE25519_PUBKEY_SIZE); - if (q_s_string == NULL) { - return SSH_ERROR; - } - - ssh_string_fill(q_s_string, session->next_crypto->curve25519_server_pubkey, - CURVE25519_PUBKEY_SIZE); - rc = buffer_add_u8(session->out_buffer, SSH2_MSG_KEX_ECDH_REPLY); if (rc < 0) { ssh_set_error_oom(session); - return SSH_ERROR; + goto error; } /* build k and session_id */ rc = ssh_curve25519_build_k(session); if (rc < 0) { ssh_set_error(session, SSH_FATAL, "Cannot build k number"); - return SSH_ERROR; + goto error; } /* privkey is not allocated */ rc = ssh_get_key_params(session, &privkey); if (rc == SSH_ERROR) { - return SSH_ERROR; + goto error; } rc = make_sessionid(session); if (rc != SSH_OK) { ssh_set_error(session, SSH_FATAL, "Could not create a session id"); - return SSH_ERROR; + goto error; } /* add host's public key */ @@ -240,29 +232,37 @@ int ssh_server_curve25519_init(ssh_session session, ssh_buffer packet){ session->next_crypto->server_pubkey); if (rc < 0) { ssh_set_error_oom(session); - return SSH_ERROR; + goto error; } /* add ecdh public key */ + q_s_string = ssh_string_new(CURVE25519_PUBKEY_SIZE); + if (q_s_string == NULL) { + goto error; + } + + ssh_string_fill(q_s_string, + session->next_crypto->curve25519_server_pubkey, + CURVE25519_PUBKEY_SIZE); + rc = buffer_add_ssh_string(session->out_buffer, q_s_string); ssh_string_free(q_s_string); - if (rc < 0) { ssh_set_error_oom(session); - return SSH_ERROR; + goto error; } /* add signature blob */ sig_blob = ssh_srv_pki_do_sign_sessionid(session, privkey); if (sig_blob == NULL) { ssh_set_error(session, SSH_FATAL, "Could not sign the session id"); - return SSH_ERROR; + goto error; } rc = buffer_add_ssh_string(session->out_buffer, sig_blob); ssh_string_free(sig_blob); if (rc < 0) { ssh_set_error_oom(session); - return SSH_ERROR; + goto error; } SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEX_ECDH_REPLY sent"); @@ -274,7 +274,7 @@ int ssh_server_curve25519_init(ssh_session session, ssh_buffer packet){ /* Send the MSG_NEWKEYS */ rc = buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS); if (rc < 0) { - return SSH_ERROR;; + goto error; } session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; @@ -282,6 +282,9 @@ int ssh_server_curve25519_init(ssh_session session, ssh_buffer packet){ SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); return rc; +error: + buffer_reinit(session->out_buffer); + return SSH_ERROR; } #endif /* WITH_SERVER */ |