nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00
Code Issues Projects Releases Wiki Activity

Fix two double-frees in ssh2_load_userkey().

Browse Source 
We should NULL out mac after freeing it, so that the cleanup code
doesn't try to free it again; also if the final key creation fails, we
should avoid freeing ret->comment when we're going to go to that same
cleanup code which will free 'comment' which contains the same pointer.

Thanks to Christopher Staite for pointing these out.
This commit is contained in:
Simon Tatham 2014-10-28 18:39:55 +00:00
parent bbfd5f4a7c
commit 32adc1a79d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sshpubk.c
View File

@ -779,6 +779,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
}
}
sfree(mac);
mac = NULL;
/*
* Create and return the key.
@ -789,7 +790,6 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
ret->data = alg->createkey(public_blob, public_blob_len,
private_blob, private_blob_len);
if (!ret->data) {
sfree(ret->comment);
sfree(ret);
ret = NULL;
error = "createkey failed";