pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaks

Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields.
Fix a bug where the initial 'r' and 's' bignums were being overwritten with
newly-allocated bignums, resulting in a memory leak.

BUG: https://red.libssh.org/issues/175

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

(cherry picked from commit 4745d652b5e71c27fd891edfe690162c0b8d3005)

2 files changed, 11 insertions, 2 deletions

diff --git a/src/dh.c b/src/dh.c
index 3c2e5adb..84355d48 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -407,6 +407,15 @@ bignum make_string_bn(ssh_string string){
   return bn;
 }
 
+void make_string_bn_inplace(ssh_string string, bignum bnout) {
+  unsigned int len = ssh_string_len(string);
+#ifdef HAVE_LIBGCRYPT
+  #error "unsupported"
+#elif defined HAVE_LIBCRYPTO
+  bignum_bin2bn(string->data, len, bnout);
+#endif
+}
+
 ssh_string dh_get_e(ssh_session session) {
   return make_bignum_string(session->next_crypto->e);
 }
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 5e2585da..39742817 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1397,7 +1397,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
                 ssh_print_hexa("r", ssh_string_data(r), ssh_string_len(r));
 #endif
 
-                sig->ecdsa_sig->r = make_string_bn(r);
+                make_string_bn_inplace(r, sig->ecdsa_sig->r);
                 ssh_string_burn(r);
                 ssh_string_free(r);
                 if (sig->ecdsa_sig->r == NULL) {
@@ -1418,7 +1418,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
                 ssh_print_hexa("s", ssh_string_data(s), ssh_string_len(s));
 #endif
 
-                sig->ecdsa_sig->s = make_string_bn(s);
+                make_string_bn_inplace(s, sig->ecdsa_sig->s);
                 ssh_string_burn(s);
                 ssh_string_free(s);
                 if (sig->ecdsa_sig->s == NULL) {