author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-04 09:46:26 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-04 15:38:25 +0100 |
commit | 097a347d7bad44c8d187363d45465d5db7eaf723 (patch) | |
tree | 60e6c60b0843b7a68c012663f4a5ac2bbb772058 | |
parent | f34a4fe15c393b9fc2b0f6dd3e0b0d859603a9e0 (diff) | |
download | gnutls-097a347d7bad44c8d187363d45465d5db7eaf723.tar.gz |
auth rsa: eliminated memory leak on pkcs-1 formatting attack path
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/auth/rsa.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index 128e7b4b87..140f17043e 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -112,7 +112,7 @@ static int
 proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
 size_t _data_size)
 {
- gnutls_datum_t plaintext;
+ gnutls_datum_t plaintext = {NULL, 0};
 gnutls_datum_t ciphertext;
 int ret, dsize;
 int randomize_key = 0;
@@ -150,6 +150,11 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
 _gnutls_audit_log(session,
 "auth_rsa: Possible PKCS #1 format attack\n");
 randomize_key = 1;
+
+ if (ret >= 0) {
+ gnutls_free(plaintext.data);
+ plaintext.data = NULL;
+ }
 } else {
 /* If the secret was properly formatted, then
 * check the version number.
 |
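Review bot: The added `if (ret >= 0)` block in the second hunk makes the two cases inside the "Possible PKCS #1 format attack" branch do different work. A decryption that succeeded with an unexpected length now runs a `gnutls_free`, while a failed decryption does not, although this branch exists so that the peer cannot tell the failure cases apart. The `{NULL, 0}` initialiser from the first hunk would allow the release to be unconditional (`gnutls_free(plaintext.data); plaintext.data = NULL;` with no `ret` test), provided the decrypt call never leaves a stale pointer in `plaintext` on failure; that call is outside the hunk, so this needs confirming. If the conditional stays, add a comment such as `/* only a successful decrypt allocates plaintext; the extra free on this path is accepted */`. The buffer holds RSA decryption output, so it should also be wiped over `plaintext.size` bytes before it is freed. The body of `proc_rsa_client_kx` starts and ends outside both hunks.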