diff --git a/ChangeLog b/ChangeLog index 406d7e20c..3ebe0df30 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,11 @@ [ssh-ecdsa.c] Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, ok markus@ + - miod@cvs.openbsd.org 2012/01/16 20:34:09 + [ssh-pkcs11-client.c] + Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. + While there, be sure to buffer_clear() between send_msg() and recv_msg(). + ok markus@ 20120206 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index 650c37342..82b11daf5 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.2 2010/02/24 06:12:53 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.3 2012/01/16 20:34:09 miod Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -123,6 +123,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, buffer_put_int(&msg, 0); xfree(blob); send_msg(&msg); + buffer_clear(&msg); if (recv_msg(&msg) == SSH2_AGENT_SIGN_RESPONSE) { signature = buffer_get_string(&msg, &slen); @@ -132,6 +133,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, } xfree(signature); } + buffer_free(&msg); return (ret); }