upstream: double free() in error path; from Eusgor via GHPR333

author djm@openbsd.org <djm@openbsd.org>

Fri, 19 Aug 2022 03:06:30 +0000 (03:06 +0000)

committer Damien Miller <djm@mindrot.org>

Fri, 19 Aug 2022 03:13:53 +0000 (13:13 +1000)
author djm@openbsd.org <djm@openbsd.org>
Fri, 19 Aug 2022 03:06:30 +0000 (03:06 +0000)
committer Damien Miller <djm@mindrot.org>
Fri, 19 Aug 2022 03:13:53 +0000 (13:13 +1000)
diff --git a/sshsig.c b/sshsig.c

index 1e3b63982ba886ed00bfeb2934989517cd6901de..eb2a931e9c1857d99c44da4ab2fd38627efdb2c4 100644 (file)
--- a/sshsig.c
+++ b/sshsig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshsig.c,v 1.29 2022/03/30 04:27:51 djm Exp $ */
+/* $OpenBSD: sshsig.c,v 1.30 2022/08/19 03:06:30 djm Exp $ */
  /*
   * Copyright (c) 2019 Google LLC
   *
@@ -491,7 +491,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
  {
         char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH];
         ssize_t n, total = 0;
-       struct ssh_digest_ctx *ctx;
+       struct ssh_digest_ctx *ctx = NULL;
         int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR;
         struct sshbuf *b = NULL;
  
@@ -514,7 +514,6 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
                                 continue;
                         oerrno = errno;
                         error_f("read: %s", strerror(errno));
-                       ssh_digest_free(ctx);
                         errno = oerrno;
                         r = SSH_ERR_SYSTEM_ERROR;
                         goto out;
@@ -549,9 +548,11 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
         /* success */
         r = 0;
   out:
+       oerrno = errno;
         sshbuf_free(b);
         ssh_digest_free(ctx);
         explicit_bzero(hash, sizeof(hash));
+       errno = oerrno;
         return r;
  }
author	djm@openbsd.org <djm@openbsd.org>
	Fri, 19 Aug 2022 03:06:30 +0000 (03:06 +0000)
committer	Damien Miller <djm@mindrot.org>
	Fri, 19 Aug 2022 03:13:53 +0000 (13:13 +1000)