nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00
Code Issues Projects Releases Wiki Activity

Fix use after free in ssh1login.

Browse Source 
I was freeing the textual key fingerprint _before_ passing it to
seat_verify_ssh_host_key. Ahem.
This commit is contained in:
Simon Tatham 2018-12-30 13:16:28 +00:00
parent 1270d445e8
commit 869ce8867e
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ssh1login.c
View File

@ -230,8 +230,8 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
/* First check against manually configured host keys. */ /* First check against manually configured host keys. */
s->dlgret = verify_ssh_manual_host_key(s->conf, fingerprint, NULL); s->dlgret = verify_ssh_manual_host_key(s->conf, fingerprint, NULL);
sfree(fingerprint);
if (s->dlgret == 0) { /* did not match */ if (s->dlgret == 0) { /* did not match */
sfree(fingerprint);
sfree(keystr); sfree(keystr);
ssh_proto_error(s->ppl.ssh, "Host key did not appear in manually " ssh_proto_error(s->ppl.ssh, "Host key did not appear in manually "
"configured list"); "configured list");
@ -240,6 +240,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
s->dlgret = seat_verify_ssh_host_key( s->dlgret = seat_verify_ssh_host_key(
s->ppl.seat, s->savedhost, s->savedport, s->ppl.seat, s->savedhost, s->savedport,
"rsa", keystr, fingerprint, ssh1_login_dialog_callback, s); "rsa", keystr, fingerprint, ssh1_login_dialog_callback, s);
sfree(fingerprint);
sfree(keystr); sfree(keystr);
#ifdef FUZZING #ifdef FUZZING
s->dlgret = 1; s->dlgret = 1;