From 2369a2810187e08f2af5d58b343956062fb96ee8 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 24 Jun 2022 10:45:06 +0000 Subject: upstream: Roll back previous KEX changes as they aren't safe until compat_pkalg_proposal and friends always allocate their returned strings. Reported by Qualys. OpenBSD-Commit-ID: 1c7a88a0d5033f42f88ab9bec58ef1cf72c81ad0 --- sshd.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'sshd.c') diff --git a/sshd.c b/sshd.c index 747ba1f7..d80b5e0b 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.587 2022/06/24 04:37:00 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.588 2022/06/24 10:45:06 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -603,7 +603,6 @@ append_hostkey_type(struct sshbuf *b, const char *s) fatal_fr(r, "sshbuf_putf"); } -/* Returns an allocated string that the caller must free. */ static char * list_hostkey_types(void) { @@ -2368,7 +2367,6 @@ static void do_ssh2_kex(struct ssh *ssh) { char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; - char *hostkey_types = NULL; struct kex *kex; int r; @@ -2390,10 +2388,8 @@ do_ssh2_kex(struct ssh *ssh) ssh_packet_set_rekey_limits(ssh, options.rekey_limit, options.rekey_interval); - hostkey_types = list_hostkey_types(); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( - ssh, hostkey_types); - free(hostkey_types); + ssh, list_hostkey_types()); /* start key exchange */ if ((r = kex_setup(ssh, myproposal)) != 0) -- cgit v1.2.1