From 24b9e6716dd8e45a80ae62cc181cc1f73add06cf Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Wed, 2 Jan 2019 08:55:03 +0000
Subject: [PATCH] Check for null pointers in dh_cleanup.

If we have to abandon a Diffie-Hellman key exchange part way through (e.g. the connection slams shut), and we haven't yet run all the stages of the DH algorithm, then some of the mp_ints in the dh_ctx will be NULL. So we shouldn't mp_free them without checking first.
---
 sshdh.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/sshdh.c b/sshdh.c
index b7c4b136..a685c1ec 100644
--- a/sshdh.c
+++ b/sshdh.c
@@ -186,11 +186,16 @@ int dh_modulus_bit_size(const struct dh_ctx *ctx)
 */
 void dh_cleanup(struct dh_ctx *ctx)
 {
- mp_free(ctx->x);
- mp_free(ctx->e);
- mp_free(ctx->p);
- mp_free(ctx->g);
- mp_free(ctx->q);
+ if (ctx->x)
+ mp_free(ctx->x);
+ if (ctx->e)
+ mp_free(ctx->e);
+ if (ctx->p)
+ mp_free(ctx->p);
+ if (ctx->g)
+ mp_free(ctx->g);
+ if (ctx->q)
+ mp_free(ctx->q);
 sfree(ctx);
 }
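Review bot: The five added guards in dh_cleanup (`if (ctx->x)` through `if (ctx->q)`) are only safe if every mp_int field of the dh_ctx is set to NULL when the context is created, and that initialisation lies outside this hunk. It should be confirmed that no setup path leaves x, e, p, g or q unassigned, because an indeterminate pointer would pass the test and still reach mp_free. The commit message says this path runs when a key exchange is abandoned, for example when the connection closes, so the invariant deserves a comment at the top of the body, such as `/* Any of these may still be NULL if the exchange was abandoned before that stage ran. */`. If other cleanup paths can also hand a NULL to mp_free, one NULL-tolerant helper would avoid repeating the guard at each call site; mp_free's definition is not visible here, so that is something to check rather than a known defect.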