From aa59d6a489fb20973fa461d0fdb1110db412947b Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org"
Date: Sun, 5 Mar 2023 09:24:35 +0000
Subject: [PATCH] upstream: Fix mem and FILE leaks in moduli screening. If multiple -Ocheckpoint= options are passed, the earlier ones would be overwritten and leaked. If we use an input file that wasn't stdin, close that. From Coverity CIDs 291884 and 291894.
OpenBSD-Commit-ID: a4d9d15f572926f841788912e2b282485ad09e8b
---
 ssh-keygen.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ssh-keygen.c b/ssh-keygen.c
index f7e929f61..b0fe5e6b0 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.464 2023/03/05 08:18:58 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.465 2023/03/05 09:24:35 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland
@@ -3015,6 +3015,7 @@ do_moduli_screen(const char *out_file, char **opts, size_t nopts)
 } else if (strncmp(opts[i], "start-line=", 11) == 0) {
 start_lineno = strtoul(opts[i]+11, NULL, 10);
 } else if (strncmp(opts[i], "checkpoint=", 11) == 0) {
+ free(checkpoint);
 checkpoint = xstrdup(opts[i]+11);
 } else if (strncmp(opts[i], "generator=", 10) == 0) {
 generator_wanted = (u_int32_t)strtonum(
@@ -3053,6 +3054,8 @@ do_moduli_screen(const char *out_file, char **opts, size_t nopts)
 generator_wanted, checkpoint, start_lineno, lines_to_process) != 0)
 fatal("modulus screening failed");
+ if (in != stdin)
+ (void)fclose(in);
 free(checkpoint);
 #else /* WITH_OPENSSL */
 fatal("Moduli screening is not supported");
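Review bot: The added `free(checkpoint);` in the `checkpoint=` branch is only safe if `checkpoint` is initialised to NULL before the option loop. That declaration is outside the hunk, so it should be confirmed before relying on this line. A repeated `-Ocheckpoint=` now silently keeps the last value, which is worth stating next to the free, for example `/* last checkpoint= wins; release any earlier copy */`. The body of do_moduli_screen starts and ends outside the hunk.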
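Review bot: Only the input stream is closed after the screening call returns; the visible lines do nothing for the output side. If an output stream is opened from `out_file` earlier in do_moduli_screen (not shown in the hunk, so this is an assumption), its close result is the one that matters, because a failed flush would leave a truncated moduli file with no error reported. A checked close such as `if (out != stdout && fclose(out) != 0) fatal("close %s: %s", out_file, strerror(errno));` would cover that, with `out` standing for whatever the function calls that stream. Ignoring the result of `fclose(in)` on the read side is fine.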