diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2021-01-27 23:49:46 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2021-01-28 10:50:56 +1100 |
| commit | d983e1732b8135d7ee8d92290d6dce35f736ab88 (patch) | |
| tree | fe57964f4977e3f82f58c7f922a71f6f866d4f3f /kex.c | |
| parent | 1134a48cdcef8e7363b9f6c73ebdd24405066738 (diff) | |
upstream: fix leak: was double allocating kex->session_id buffer
OpenBSD-Commit-ID: 3765f4cc3ae1df874dba9102a3588ba7b48b8183
Diffstat (limited to 'kex.c')
| -rw-r--r-- | kex.c | 10 |
1 files changed, 6 insertions, 4 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.165 2021/01/27 10:05:28 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.166 2021/01/27 23:49:46 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -1068,13 +1068,15 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen, /* save initial hash as session id */ if ((kex->flags & KEX_INITIAL) != 0) { - if ((kex->session_id = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; + if (sshbuf_len(kex->session_id) != 0) { + error_f("already have session ID at kex"); + return SSH_ERR_INTERNAL_ERROR; + } if ((r = sshbuf_put(kex->session_id, hash, hashlen)) != 0) return r; } else if (sshbuf_len(kex->session_id) == 0) { error_f("no session ID in rekex"); - return SSH_ERR_INTERNAL_ERROR; + return SSH_ERR_INTERNAL_ERROR; } for (i = 0; i < NKEYS; i++) { if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen, |