1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00

Fix a more complicated memory leak.

The field s->username in the ssh2userauth state was sometimes a
secondary reference to s->default_username, and sometimes a
dynamically allocated string. So not freeing it can leak memory, but
freeing it (if non-null) can cause a double-free crash.

Solution: add a new field s->locally_allocated_username which is the
thing that needs freeing (if any), and make s->username into a const
char * which is always a secondary reference to _something_.
This commit is contained in:
Simon Tatham 2019-07-06 18:06:04 +01:00
parent e0b811cc1f
commit d7f254fdb0

View File

@ -58,7 +58,8 @@ struct ssh2_userauth_state {
bool kbd_inter_refused;
prompts_t *cur_prompt;
int num_prompts;
char *username;
const char *username;
char *locally_allocated_username;
char *password;
bool got_username;
strbuf *publickey_blob;
@ -176,6 +177,7 @@ static void ssh2_userauth_free(PacketProtocolLayer *ppl)
agent_cancel_query(s->auth_agent_query);
filename_free(s->keyfile);
sfree(s->default_username);
sfree(s->locally_allocated_username);
sfree(s->hostname);
sfree(s->fullhostname);
sfree(s->publickey_comment);
@ -428,7 +430,9 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
ssh_user_close(s->ppl.ssh, "No username provided");
return;
}
s->username = dupstr(s->cur_prompt->prompts[0]->result);
sfree(s->locally_allocated_username); /* for change_username */
s->username = s->locally_allocated_username =
dupstr(s->cur_prompt->prompts[0]->result);
free_prompts(s->cur_prompt);
} else {
if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE))