Move some manual freeing into freersakey().

Several pieces of old code were disposing of pieces of an RSAKey by manually freeing them one at a time. We have a centralised freersakey(), so we should use that instead wherever possible. Where it wasn't possible to switch over to that, it was because we were only freeing the private fields of the key - so I've fixed that by cutting freersakey() down the middle and exposing the private-only half as freersapriv().
2025-07-10 15:53:47 -05:00 · 2018-12-14 19:42:47 +00:00
parent 55cea187e9
commit a80edab4b5
4 changed files with 38 additions and 34 deletions
--- a/ssh1login.c
+++ b/ssh1login.c
@ -368,22 +368,8 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
        ssh1_bpp_new_cipher(s->ppl.bpp, cipher, s->session_key);
    }

-    if (s->servkey.modulus) {
-        sfree(s->servkey.modulus);
-        s->servkey.modulus = NULL;
-    }
-    if (s->servkey.exponent) {
-        sfree(s->servkey.exponent);
-        s->servkey.exponent = NULL;
-    }
-    if (s->hostkey.modulus) {
-        sfree(s->hostkey.modulus);
-        s->hostkey.modulus = NULL;
-    }
-    if (s->hostkey.exponent) {
-        sfree(s->hostkey.exponent);
-        s->hostkey.exponent = NULL;
-    }
+    freersakey(&s->servkey);
+    freersakey(&s->hostkey);
    crMaybeWaitUntilV((pktin = ssh1_login_pop(s)) != NULL);

    if (pktin->type != SSH1_SMSG_SUCCESS) {
@ -745,7 +731,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
                        return;
                    }
                    response = rsa_ssh1_decrypt(challenge, &s->key);
-                    freebn(s->key.private_exponent);/* burn the evidence */
+                    freersapriv(&s->key);   /* burn the evidence */

                    for (i = 0; i < 32; i++) {
                        buffer[i] = bignum_byte(response, 31 - i);