Re: CVS commit: src/crypto/external/bsd/openssh/dist

To: maya%netbsd.org@localhost
Subject: Re: CVS commit: src/crypto/external/bsd/openssh/dist
From: christos%zoulas.com@localhost (Christos Zoulas)
Date: Tue, 6 Feb 2018 11:32:30 -0500

On Feb 6,  1:26pm, maya%netbsd.org@localhost (maya%netbsd.org@localhost) wrote:
-- Subject: Re: CVS commit: src/crypto/external/bsd/openssh/dist

| > +	const BIGNUM *pub_key;
| > +	if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
| > +		goto out;
| > +	DH_get0_key(kex->dh, &pub_key, NULL);
| > +	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
| > +	    (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
| > +	    (r = sshpkt_send(ssh)) != 0) {
| >  		goto out;
| > +	}
| > +	}
| >  	debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
| >  #ifdef DEBUG_KEXDH
| >  	DHparams_print_fp(stderr, kex->dh);
| > @@ -134,10 +140,12 @@ input_kex_dh_gex_group(int type, u_int32
| >  	ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply);
| >  	r = 0;
| >  out:
| > -	if (p)
| > +	if (r != 0) {
| >  		BN_clear_free(p);
| > -	if (g)
| >  		BN_clear_free(g);
| > +		DH_free(kex->dh);
| > +		kex->dh = NULL;
| > +	}
| >  	return r;
| 
| BN_clear_free will null deref on this error path I think


void BN_clear_free(BIGNUM *a) 
{
    int i; 

    if (a == NULL)
        return;


christos

References:
- Re: CVS commit: src/crypto/external/bsd/openssh/dist
  - From: maya

Prev by Date: Re: CVS commit: src/crypto/external/bsd/openssh/dist
Next by Date: Re: CVS commit: src/share/man/man4
Previous by Thread: Re: CVS commit: src/crypto/external/bsd/openssh/dist
Next by Thread: Re: CVS commit: src/share/man/man4
Indexes:

Home | Main Index | Thread Index | Old Index