1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
From 5062ad48814b06162511c4f5924a33d97b6b2566 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 19 Aug 2022 03:06:30 +0000
Subject: upstream: double free() in error path; from Eusgor via GHPR333
OpenBSD-Commit-ID: 39f35e16ba878c8d02b4d01d8826d9b321be26d4
Conflict:NA
Reference:https://anongit.mindrot.org/openssh.git/patch/?id=5062ad48814b06162511c4f5924a33d97b6b2566
---
sshsig.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/sshsig.c b/sshsig.c
index 0e8abf1..58c7df4 100644
--- a/sshsig.c
+++ b/sshsig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshsig.c,v 1.21 2021/07/23 04:00:59 djm Exp $ */
+/* $OpenBSD: sshsig.c,v 1.30 2022/08/19 03:06:30 djm Exp $ */
/*
* Copyright (c) 2019 Google LLC
*
@@ -491,7 +491,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
{
char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH];
ssize_t n, total = 0;
- struct ssh_digest_ctx *ctx;
+ struct ssh_digest_ctx *ctx = NULL;
int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR;
struct sshbuf *b = NULL;
@@ -514,7 +514,6 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
continue;
oerrno = errno;
error_f("read: %s", strerror(errno));
- ssh_digest_free(ctx);
ctx = NULL;
errno = oerrno;
r = SSH_ERR_SYSTEM_ERROR;
@@ -550,9 +549,11 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
/* success */
r = 0;
out:
+ oerrno = errno;
sshbuf_free(b);
ssh_digest_free(ctx);
explicit_bzero(hash, sizeof(hash));
+ errno = oerrno;
return r;
}
--
2.33.0
|
