mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
Fix a more complicated memory leak.
The field s->username in the ssh2userauth state was sometimes a secondary reference to s->default_username, and sometimes a dynamically allocated string. So not freeing it can leak memory, but freeing it (if non-null) can cause a double-free crash. Solution: add a new field s->locally_allocated_username which is the thing that needs freeing (if any), and make s->username into a const char * which is always a secondary reference to _something_.
This commit is contained in:
parent
e0b811cc1f
commit
d7f254fdb0
@ -58,7 +58,8 @@ struct ssh2_userauth_state {
|
||||
bool kbd_inter_refused;
|
||||
prompts_t *cur_prompt;
|
||||
int num_prompts;
|
||||
char *username;
|
||||
const char *username;
|
||||
char *locally_allocated_username;
|
||||
char *password;
|
||||
bool got_username;
|
||||
strbuf *publickey_blob;
|
||||
@ -176,6 +177,7 @@ static void ssh2_userauth_free(PacketProtocolLayer *ppl)
|
||||
agent_cancel_query(s->auth_agent_query);
|
||||
filename_free(s->keyfile);
|
||||
sfree(s->default_username);
|
||||
sfree(s->locally_allocated_username);
|
||||
sfree(s->hostname);
|
||||
sfree(s->fullhostname);
|
||||
sfree(s->publickey_comment);
|
||||
@ -428,7 +430,9 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
|
||||
ssh_user_close(s->ppl.ssh, "No username provided");
|
||||
return;
|
||||
}
|
||||
s->username = dupstr(s->cur_prompt->prompts[0]->result);
|
||||
sfree(s->locally_allocated_username); /* for change_username */
|
||||
s->username = s->locally_allocated_username =
|
||||
dupstr(s->cur_prompt->prompts[0]->result);
|
||||
free_prompts(s->cur_prompt);
|
||||
} else {
|
||||
if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE))
|
||||
|
Loading…
Reference in New Issue
Block a user