upstream: double free() in error path; from Eusgor via GHPR333

OpenBSD-Commit-ID: 39f35e16ba878c8d02b4d01d8826d9b321be26d4
author: djm@openbsd.org <djm@openbsd.org> 2022-08-19 03:06:30 +0000
committer: Damien Miller <djm@mindrot.org> 2022-08-19 13:13:53 +1000
commit: 5062ad48814b06162511c4f5924a33d97b6b2566 (patch)
tree: f7ce0dc8605c0405897d1b9d1eb27ea0f70de7cb /sshsig.c
parent: 5a5c580b48fc6006bdfa731fc2f6d4945c2c0e4e (diff)
download: openssh-git-5062ad48814b06162511c4f5924a33d97b6b2566.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/sshsig.c b/sshsig.c
index 1e3b6398..eb2a931e 100644
--- a/sshsig.c
+++ b/sshsig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshsig.c,v 1.29 2022/03/30 04:27:51 djm Exp $ */
+/* $OpenBSD: sshsig.c,v 1.30 2022/08/19 03:06:30 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -491,7 +491,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
 {
 	char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH];
 	ssize_t n, total = 0;
-	struct ssh_digest_ctx *ctx;
+	struct ssh_digest_ctx *ctx = NULL;
 	int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR;
 	struct sshbuf *b = NULL;
 
@@ -514,7 +514,6 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
 				continue;
 			oerrno = errno;
 			error_f("read: %s", strerror(errno));
-			ssh_digest_free(ctx);
 			errno = oerrno;
 			r = SSH_ERR_SYSTEM_ERROR;
 			goto out;
@@ -549,9 +548,11 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
 	/* success */
 	r = 0;
  out:
+	oerrno = errno;
 	sshbuf_free(b);
 	ssh_digest_free(ctx);
 	explicit_bzero(hash, sizeof(hash));
+	errno = oerrno;
 	return r;
 }
author	djm@openbsd.org <djm@openbsd.org>	2022-08-19 03:06:30 +0000
committer	Damien Miller <djm@mindrot.org>	2022-08-19 13:13:53 +1000
commit	5062ad48814b06162511c4f5924a33d97b6b2566 (patch)
tree	f7ce0dc8605c0405897d1b9d1eb27ea0f70de7cb /sshsig.c
parent	5a5c580b48fc6006bdfa731fc2f6d4945c2c0e4e (diff)
download	openssh-git-5062ad48814b06162511c4f5924a33d97b6b2566.tar.gz