upstream commit

Plug some mem leaks mostly on error paths.  From jjelen
at redhat.com via bz#2687, ok djm@

Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2
This commit is contained in:
dtucker@openbsd.org 2017-03-10 03:45:40 +00:00 committed by Damien Miller
parent f6edbe9feb
commit 5a06b9e019

17
kex.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.c,v 1.128 2017/02/03 23:01:19 djm Exp $ */ /* $OpenBSD: kex.c,v 1.129 2017/03/10 03:45:40 dtucker Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* *
@ -178,7 +178,7 @@ kex_names_valid(const char *names)
char * char *
kex_names_cat(const char *a, const char *b) kex_names_cat(const char *a, const char *b)
{ {
char *ret = NULL, *tmp = NULL, *cp, *p; char *ret = NULL, *tmp = NULL, *cp, *p, *m;
size_t len; size_t len;
if (a == NULL || *a == '\0') if (a == NULL || *a == '\0')
@ -195,8 +195,10 @@ kex_names_cat(const char *a, const char *b)
} }
strlcpy(ret, a, len); strlcpy(ret, a, len);
for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
if (match_list(ret, p, NULL) != NULL) if ((m = match_list(ret, p, NULL)) != NULL) {
free(m);
continue; /* Algorithm already present */ continue; /* Algorithm already present */
}
if (strlcat(ret, ",", len) >= len || if (strlcat(ret, ",", len) >= len ||
strlcat(ret, p, len) >= len) { strlcat(ret, p, len) >= len) {
free(tmp); free(tmp);
@ -651,8 +653,10 @@ choose_enc(struct sshenc *enc, char *client, char *server)
if (name == NULL) if (name == NULL)
return SSH_ERR_NO_CIPHER_ALG_MATCH; return SSH_ERR_NO_CIPHER_ALG_MATCH;
if ((enc->cipher = cipher_by_name(name)) == NULL) if ((enc->cipher = cipher_by_name(name)) == NULL) {
free(name);
return SSH_ERR_INTERNAL_ERROR; return SSH_ERR_INTERNAL_ERROR;
}
enc->name = name; enc->name = name;
enc->enabled = 0; enc->enabled = 0;
enc->iv = NULL; enc->iv = NULL;
@ -670,8 +674,10 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server)
if (name == NULL) if (name == NULL)
return SSH_ERR_NO_MAC_ALG_MATCH; return SSH_ERR_NO_MAC_ALG_MATCH;
if (mac_setup(mac, name) < 0) if (mac_setup(mac, name) < 0) {
free(name);
return SSH_ERR_INTERNAL_ERROR; return SSH_ERR_INTERNAL_ERROR;
}
/* truncate the key */ /* truncate the key */
if (ssh->compat & SSH_BUG_HMAC) if (ssh->compat & SSH_BUG_HMAC)
mac->key_len = 16; mac->key_len = 16;
@ -695,6 +701,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
} else if (strcmp(name, "none") == 0) { } else if (strcmp(name, "none") == 0) {
comp->type = COMP_NONE; comp->type = COMP_NONE;
} else { } else {
free(name);
return SSH_ERR_INTERNAL_ERROR; return SSH_ERR_INTERNAL_ERROR;
} }
comp->name = name; comp->name = name;