summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-08-04 00:55:06 +0000
committerDamien Miller <djm@mindrot.org>2018-08-06 11:07:17 +1000
commit967226a1bdde59ea137e8f0df871854ff7b91366 (patch)
tree59392d040b5d6f8762955db701bde5ef2f075b88
parent74287f5df9966a0648b4a68417451dd18f079ab8 (diff)
upstream: invalidate dh->priv_key after freeing it in error path;
avoids unlikely double-free later. Reported by Viktor Dukhovni via https://github.com/openssh/openssh-portable/pull/96 feedback jsing@ tb@ OpenBSD-Commit-ID: e317eb17c3e05500ae851f279ef6486f0457c805
Diffstat
-rw-r--r--dh.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/dh.c b/dh.c
index faa19a16..ac8d5a0a 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.65 2018/06/26 11:23:59 millert Exp $ */
+/* $OpenBSD: dh.c,v 1.66 2018/08/04 00:55:06 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
*
@@ -279,6 +279,7 @@ dh_gen_key(DH *dh, int need)
if (DH_generate_key(dh) == 0 ||
!dh_pub_is_valid(dh, dh->pub_key)) {
BN_clear_free(dh->priv_key);
+ dh->priv_key = NULL;
return SSH_ERR_LIBCRYPTO_ERROR;
}
return 0;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-05 08:43:19 +0000