nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00
Code Issues Projects Releases Wiki Activity

Another ecdsa_newkey crash: initialise ec->privateKey earlier.

Browse Source 
This one might be exploitable, since without the fix, ecdsa_freekey()
tries to wipe the bignum pointed to by an uninitialised pointer.

Bug found with the help of afl-fuzz.
This commit is contained in:
Ben Harris 2015-10-10 00:20:51 +01:00
parent f69b371bcd
commit 63b47ed9d5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sshecc.c
View File

@ -1782,11 +1782,11 @@ static void *ecdsa_newkey(const struct ssh_signkey *self,
ec->publicKey.x = NULL;
ec->publicKey.y = NULL;
ec->publicKey.z = NULL;
ec->privateKey = NULL;
if (!getmppoint(&data, &len, &ec->publicKey)) {
ecdsa_freekey(ec);
return NULL;
}
ec->privateKey = NULL;
if (!ec->publicKey.x || !ec->publicKey.y ||
bignum_cmp(ec->publicKey.x, curve->p) >= 0 ||