From a311ec32b1146a6fbf8561931f065e4c78ae7a10 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Sat, 4 Feb 2012 20:49:34 +0100
Subject: ecdh: Fix a memory leak in ecdh_build_k().
Thanks to Tom Judge for the report.
---
src/ecdh.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/ecdh.c b/src/ecdh.c
index b0fd212..292e997 100644
--- a/src/ecdh.c
+++ b/src/ecdh.c
@@ -77,23 +77,26 @@ static void ecdh_import_pubkey(ssh_session session, ssh_string pubkey_string) {
 static int ecdh_build_k(ssh_session session) {
 const EC_GROUP *group = EC_KEY_get0_group(session->next_crypto->ecdh_privkey);
- EC_POINT *pubkey=EC_POINT_new(group);
+ EC_POINT *pubkey;
 void *buffer;
 int len = (EC_GROUP_get_degree(group) + 7) / 8;
-#ifdef HAVE_LIBCRYPTO
 bignum_CTX ctx = bignum_ctx_new();
 if (ctx == NULL) {
 return -1;
 }
-#endif
 session->next_crypto->k = bignum_new();
 if (session->next_crypto->k == NULL) {
-#ifdef HAVE_LIBCRYPTO
 bignum_ctx_free(ctx);
-#endif
 return -1;
 }
+
+ pubkey = EC_POINT_new(group);
+ if (pubkey == NULL) {
+ bignum_ctx_free(ctx);
+ return -1;
+ }
+
 if (session->server) EC_POINT_oct2point(group,pubkey,ssh_string_data(session->next_crypto->ecdh_client_pubkey), ssh_string_len(session->next_crypto->ecdh_client_pubkey),ctx);
@@ -102,6 +105,7 @@ static int ecdh_build_k(ssh_session session) {
 ssh_string_len(session->next_crypto->ecdh_server_pubkey),ctx);
 buffer = malloc(len);
 ECDH_compute_key(buffer,len,pubkey,session->next_crypto->ecdh_privkey,NULL);
+ EC_POINT_free(pubkey);
 BN_bin2bn(buffer,len,session->next_crypto->k);
 free(buffer);
 EC_KEY_free(session->next_crypto->ecdh_privkey);
-- cgit
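Review bot: The `EC_POINT_oct2point` call under `if (session->server)` still discards its return value, so a peer public key that fails to decode is not rejected and the function goes on to derive `k` from whatever `pubkey` holds. Now that `pubkey` has its own allocation check, the decode should be handled the same way: treat any result other than 1 as failure and then `EC_POINT_free(pubkey); bignum_ctx_free(ctx); return -1;`. The `else` branch decodes the server key and lies partly outside this hunk, so it needs the identical check. Separately, the new `pubkey == NULL` path returns with `session->next_crypto->k` already allocated; that is presumably released with the session's crypto state, but it is worth confirming.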
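Review bot: In the second hunk `buffer = malloc(len)` is used without a NULL check and the result of `ECDH_compute_key` is ignored, so on failure `BN_bin2bn` turns uninitialised heap bytes into the session secret `k`. Both results should be checked, and the error path should release `pubkey` and `buffer` (and `ctx`, assuming it is still owned at this point as in the earlier error paths); `rc` below is a new `int` local. `buffer` also holds the raw shared secret, so clearing it before `free(buffer)`, for example with `OPENSSL_cleanse(buffer, len)`, would be prudent. The function continues past the end of this hunk, so any cleanup there is not visible.

```c
buffer = malloc(len);
if (buffer == NULL) {
    EC_POINT_free(pubkey);
    bignum_ctx_free(ctx);
    return -1;
}
rc = ECDH_compute_key(buffer, len, pubkey, session->next_crypto->ecdh_privkey, NULL);
EC_POINT_free(pubkey);
if (rc <= 0) {
    free(buffer);
    bignum_ctx_free(ctx);
    return -1;
}
/* … unchanged: BN_bin2bn, free(buffer), EC_KEY_free … */
```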