diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-04 09:46:26 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-04 14:05:42 +0100 |
| commit | 8aa6516aa1dd6fb49d2cc2530182758865103580 (patch) | |
| tree | 6194fa7168a5940662a2063cbb120c86cfbb8671 | |
| parent | 87ad93be891b2efe91421b506b11209a30128eb2 (diff) | |
| download | gnutls-8aa6516aa1dd6fb49d2cc2530182758865103580.tar.gz | |
auth rsa: eliminated memory leak on pkcs-1 formatting attack path
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/auth/rsa.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c index b54d415f6f..6f75bb5327 100644 --- a/lib/auth/rsa.c +++ b/lib/auth/rsa.c @@ -140,7 +140,7 @@ static int proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) { - gnutls_datum_t plaintext; + gnutls_datum_t plaintext = {NULL, 0}; gnutls_datum_t ciphertext; int ret, dsize; int use_rnd_key = 0; @@ -195,6 +195,10 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, * attack against pkcs-1 formating). */ _gnutls_debug_log("auth_rsa: Possible PKCS #1 format attack\n"); + if (ret >= 0) { + gnutls_free(plaintext.data); + plaintext.data = NULL; + } use_rnd_key = 1; } else { /* If the secret was properly formatted, then |