author | dtucker@openbsd.org <dtucker@openbsd.org> | 2022-07-01 03:39:44 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-07-01 13:41:16 +1000 |
commit | 6c31ba10e97b6953c4f325f526f3e846dfea647a (patch) | |
tree | 1b7b701054a45c6a7b98330d52c45b136da3399e /sshd.c | |
parent | 486c4dc3b83b4b67d663fb0fa62bc24138ec3946 (diff) | |
download | openssh-git-6c31ba10e97b6953c4f325f526f3e846dfea647a.tar.gz |
upstream: Don't leak the strings allocated by order_hostkeyalgs()
and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of
github PR#324 from ZoltanFridrich, ok djm@
This is a roll-forward of the previous rollback now that the required
changes in compat.c have been done.
OpenBSD-Commit-ID: c7cd93730b3b9f53cdad3ae32462922834ef73eb
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 17 |
1 files changed, 11 insertions, 6 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.588 2022/06/24 10:45:06 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.589 2022/07/01 03:39:44 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -2368,12 +2368,14 @@ do_ssh2_kex(struct ssh *ssh) { char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; struct kex *kex; + char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL; int r; - myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, + myproposal[PROPOSAL_KEX_ALGS] = prop_kex = compat_kex_proposal(ssh, options.kex_algorithms); - myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(ssh, - options.ciphers); + myproposal[PROPOSAL_ENC_ALGS_CTOS] = + myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc = + compat_cipher_proposal(ssh, options.ciphers); myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(ssh, options.ciphers); myproposal[PROPOSAL_MAC_ALGS_CTOS] = @@ -2388,8 +2390,8 @@ do_ssh2_kex(struct ssh *ssh) ssh_packet_set_rekey_limits(ssh, options.rekey_limit, options.rekey_interval); - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( - ssh, list_hostkey_types()); + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey = + compat_pkalg_proposal(ssh, list_hostkey_types()); /* start key exchange */ if ((r = kex_setup(ssh, myproposal)) != 0) @@ -2424,6 +2426,9 @@ do_ssh2_kex(struct ssh *ssh) (r = ssh_packet_write_wait(ssh)) != 0) fatal_fr(r, "send test"); #endif + free(prop_kex); + free(prop_enc); + free(prop_hostkey); debug("KEX done"); } |
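Review bot: In the `@@ -2368,12 +2368,14 @@` hunk the old statement `myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(ssh, options.ciphers);` is still present as context directly after the new chained assignment, so the STOC slot is assigned twice. The second call's result replaces the pointer shared with `prop_enc`, and none of the `free()` calls added at the end of the function covers it. If compat_cipher_proposal() now returns allocated memory, as the commit message's reference to the compat.c changes suggests, this is a new leak of the kind the commit sets out to remove. Deleting the leftover statement would leave both direction slots pointing at the single `prop_enc` allocation. The body of do_ssh2_kex continues outside this hunk.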
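Review bot: In the `@@ -2388,8 +2390,8 @@` hunk the string returned by `list_hostkey_types()` is still passed straight into `compat_pkalg_proposal()`, so do_ssh2_kex never holds a pointer it could free, even though the commit message lists that string among the leaks being fixed. Unless compat_pkalg_proposal() takes ownership of its argument (not visible on this page), the temporary is still lost. Holding it in a local would close this: `char *hkalgs = list_hostkey_types();`, then `... = prop_hostkey = compat_pkalg_proposal(ssh, hkalgs);`, then `free(hkalgs);`. Freeing it straight after the call is only safe if compat_pkalg_proposal() returns a copy and not its argument, which should be confirmed against compat.c.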