57 lines
1.5 KiB
Diff
57 lines
1.5 KiB
Diff
From 5062ad48814b06162511c4f5924a33d97b6b2566 Mon Sep 17 00:00:00 2001
|
|
From: "djm@openbsd.org" <djm@openbsd.org>
|
|
Date: Fri, 19 Aug 2022 03:06:30 +0000
|
|
Subject: upstream: double free() in error path; from Eusgor via GHPR333
|
|
|
|
OpenBSD-Commit-ID: 39f35e16ba878c8d02b4d01d8826d9b321be26d4
|
|
|
|
Conflict:NA
|
|
Reference:https://anongit.mindrot.org/openssh.git/patch/?id=5062ad48814b06162511c4f5924a33d97b6b2566
|
|
|
|
---
|
|
sshsig.c | 7 ++++---
|
|
1 file changed, 4 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/sshsig.c b/sshsig.c
|
|
index 0e8abf1..58c7df4 100644
|
|
--- a/sshsig.c
|
|
+++ b/sshsig.c
|
|
@@ -1,4 +1,4 @@
|
|
-/* $OpenBSD: sshsig.c,v 1.21 2021/07/23 04:00:59 djm Exp $ */
|
|
+/* $OpenBSD: sshsig.c,v 1.30 2022/08/19 03:06:30 djm Exp $ */
|
|
/*
|
|
* Copyright (c) 2019 Google LLC
|
|
*
|
|
@@ -491,7 +491,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
|
|
{
|
|
char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH];
|
|
ssize_t n, total = 0;
|
|
- struct ssh_digest_ctx *ctx;
|
|
+ struct ssh_digest_ctx *ctx = NULL;
|
|
int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR;
|
|
struct sshbuf *b = NULL;
|
|
|
|
@@ -514,7 +514,6 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
|
|
continue;
|
|
oerrno = errno;
|
|
error_f("read: %s", strerror(errno));
|
|
- ssh_digest_free(ctx);
|
|
ctx = NULL;
|
|
errno = oerrno;
|
|
r = SSH_ERR_SYSTEM_ERROR;
|
|
@@ -550,9 +549,11 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
|
|
/* success */
|
|
r = 0;
|
|
out:
|
|
+ oerrno = errno;
|
|
sshbuf_free(b);
|
|
ssh_digest_free(ctx);
|
|
explicit_bzero(hash, sizeof(hash));
|
|
+ errno = oerrno;
|
|
return r;
|
|
}
|
|
|
|
--
|
|
2.33.0
|
|
|