nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00
Code Issues Projects Releases Wiki Activity

Fix memory management in bignum_random_in_range.

Browse Source 
We were allocating a new array in which to make up a random number
every time we went round the loop, and not freeing any of them. Now we
allocate a single array to use for all loop iterations, and clear and
free it properly afterwards.

Patch due to Tim Kosse.
This commit is contained in:
Simon Tatham 2014-12-20 18:43:46 +00:00
parent 0acc74d711
commit c46da2f079
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sshbn.c
View File

@ -1236,18 +1236,18 @@ Bignum bignum_from_bytes(const unsigned char *data, int nbytes)
Bignum bignum_random_in_range(const Bignum lower, const Bignum upper)
{
Bignum ret = NULL;
unsigned char *bytes;
int upper_len = bignum_bitcount(upper);
int upper_bytes = upper_len / 8;
int upper_bits = upper_len % 8;
if (upper_bits) ++upper_bytes;
bytes = snewn(upper_bytes, unsigned char);
do {
unsigned char *bytes;
int i;
if (ret) freebn(ret);
bytes = snewn(upper_bytes, unsigned char);
for (i = 0; i < upper_bytes; ++i)
{
bytes[i] = (unsigned char)random_byte();
@ -1260,6 +1260,7 @@ Bignum bignum_random_in_range(const Bignum lower, const Bignum upper)
ret = bignum_from_bytes(bytes, upper_bytes);
} while (bignum_cmp(ret, lower) < 0 || bignum_cmp(ret, upper) > 0);
sfree(bytes);
return ret;
}