- (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/22 8:15:00
     [auth-krb4.c sshconnect1.c]
     only AFS needs radix.[ch]
   - markus@cvs.openbsd.org 2001/01/22 8:32:53
     [auth2.c]
     no need to include; from mouring@etoh.eviladmin.org
   - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
     [key.c]
     free() -> xfree(); ok markus@
   - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
     [sshconnect2.c sshd.c]
     fix memory leaks in SSH2 key exchange; ok markus@
diff --git a/sshconnect2.c b/sshconnect2.c
index 6f41b98..1b44228 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.37 2001/01/21 19:06:00 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.38 2001/01/22 17:22:28 stevesk Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -248,6 +248,7 @@
 	);
 	xfree(server_host_key_blob);
 	DH_free(dh);
+	BN_free(dh_server_pub);
 #ifdef DEBUG_KEXDH
 	fprintf(stderr, "hash == ");
 	for (i = 0; i< 20; i++)
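Review bot: `dh_server_pub` is released in the middle of the function and the pointer keeps its old value afterwards, as `dh` already does on the line above. The rest of the body lies outside the hunk, so it cannot be confirmed from here that nothing later touches either pointer; adding `dh_server_pub = NULL;` after the free, or collecting the releases at the end of the function, would turn a stale use into an immediate crash rather than silent heap reuse. Plain `BN_free` is the right call for this value, since it is the peer's public DH value and needs no wiping. The identical hunk at -420,6 +423,7 has the same shape.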
@@ -257,8 +258,10 @@
 	if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
 		fatal("key_verify failed for server_host_key");
 	key_free(server_host_key);
+	xfree(signature);
 
 	kex_derive_keys(kex, hash, shared_secret);
+	BN_clear_free(shared_secret);
 	packet_set_kex(kex);
 
 	/* save session id */
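Review bot: `BN_clear_free(shared_secret)` is the only release in this change that wipes memory before freeing, and nothing on the line says why, so a later cleanup could easily flatten it to `BN_free`. A short comment would protect it, for example `/* shared_secret is DH key material: zero it before release */`. The `fatal()` branch of the `key_verify` check above exits before reaching this line, so the secret is not wiped on that path; this is probably acceptable because the process terminates, but it is worth confirming how `fatal()` exits. The same applies to the identical hunk at -429,8 +433,10, and the enclosing function starts and ends outside the hunk.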
@@ -420,6 +423,7 @@
 	);
 	xfree(server_host_key_blob);
 	DH_free(dh);
+	BN_free(dh_server_pub);
 #ifdef DEBUG_KEXDH
 	fprintf(stderr, "hash == ");
 	for (i = 0; i< 20; i++)
@@ -429,8 +433,10 @@
 	if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
 		fatal("key_verify failed for server_host_key");
 	key_free(server_host_key);
+	xfree(signature);
 
 	kex_derive_keys(kex, hash, shared_secret);
+	BN_clear_free(shared_secret);
 	packet_set_kex(kex);
 
 	/* save session id */