- (bal) OpenBSD Resync

   - markus@cvs.openbsd.org 2001/01/22 8:15:00
     [auth-krb4.c sshconnect1.c]
     only AFS needs radix.[ch]
   - markus@cvs.openbsd.org 2001/01/22 8:32:53
     [auth2.c]
     no need to include; from mouring@etoh.eviladmin.org
   - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
     [key.c]
     free() -> xfree(); ok markus@
   - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
     [sshconnect2.c sshd.c]
     fix memory leaks in SSH2 key exchange; ok markus@

1 files changed, 5 insertions, 1 deletions

diff --git a/sshd.c b/sshd.c
index 77a17e14..686e7c26 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.155 2001/01/21 19:06:00 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.156 2001/01/22 17:22:28 stevesk Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1531,6 +1531,7 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 	buffer_free(server_kexinit);
 	xfree(client_kexinit);
 	xfree(server_kexinit);
+	BN_free(dh_client_pub);
 #ifdef DEBUG_KEXDH
 	fprintf(stderr, "hash == ");
 	for (i = 0; i< 20; i++)
@@ -1560,6 +1561,7 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 	packet_write_wait();
 
 	kex_derive_keys(kex, hash, shared_secret);
+	BN_clear_free(shared_secret);
 	packet_set_kex(kex);
 
 	/* have keys, free DH */
@@ -1673,6 +1675,7 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 	buffer_free(server_kexinit);
 	xfree(client_kexinit);
 	xfree(server_kexinit);
+	BN_free(dh_client_pub);
 #ifdef DEBUG_KEXDH
 	fprintf(stderr, "hash == ");
 	for (i = 0; i< 20; i++)
@@ -1702,6 +1705,7 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 	packet_write_wait();
 
 	kex_derive_keys(kex, hash, shared_secret);
+	BN_clear_free(shared_secret);
 	packet_set_kex(kex);
 
 	/* have keys, free DH */