- djm@cvs.openbsd.org 2014/02/03 23:28:00

[ssh-ecdsa.c] fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike DSA_SIG_new. Reported by Batz Spear; ok markus@
2014-02-04 11:20:40 +11:00 · 2014-02-04 11:20:40 +11:00 · aae07e2e20
parent a5103f413b
commit aae07e2e20
2 changed files with 5 additions and 4 deletions
--- a/4
+++ b/4
@ -53,6 +53,10 @@
     [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c]
     convert memset of potentially-private data to explicit_bzero()
+   - djm@cvs.openbsd.org 2014/02/03 23:28:00
+     [ssh-ecdsa.c]
+     fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
+     DSA_SIG_new. Reported by Batz Spear; ok markus@

 20140131
 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa.c,v 1.9 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: ssh-ecdsa.c,v 1.10 2014/02/03 23:28:00 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2010 Damien Miller.  All rights reserved.
@ -140,9 +140,6 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
 	/* parse signature */
 	if ((sig = ECDSA_SIG_new()) == NULL)
 		fatal("%s: ECDSA_SIG_new failed", __func__);
-	if ((sig->r = BN_new()) == NULL ||
-	    (sig->s = BN_new()) == NULL)
-		fatal("%s: BN_new failed", __func__);

 	buffer_init(&bb);
 	buffer_append(&bb, sigblob, len);