From 8aa6516aa1dd6fb49d2cc2530182758865103580 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 4 Jan 2017 09:46:26 +0100
Subject: auth rsa: eliminated memory leak on pkcs-1 formatting attack path

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/auth/rsa.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index b54d415f6f..6f75bb5327 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -140,7 +140,7 @@ static int
 proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
 		   size_t _data_size)
 {
-	gnutls_datum_t plaintext;
+	gnutls_datum_t plaintext = {NULL, 0};
 	gnutls_datum_t ciphertext;
 	int ret, dsize;
 	int use_rnd_key = 0;
@@ -195,6 +195,10 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
 		 * attack against pkcs-1 formating).
 		 */
 		_gnutls_debug_log("auth_rsa: Possible PKCS #1 format attack\n");
+		if (ret >= 0) {
+			gnutls_free(plaintext.data);
+			plaintext.data = NULL;
+		}
 		use_rnd_key = 1;
 	} else {
 		/* If the secret was properly formatted, then
-- 
cgit v1.2.1