- miod@cvs.openbsd.org 2012/01/16 20:34:09

     [ssh-pkcs11-client.c]
     Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
     While there, be sure to buffer_clear() between send_msg() and recv_msg().
     ok markus@

diff --git a/ChangeLog b/ChangeLog
index 406d7e20c1c54aea4a5fb853fabb987f36a71055..3ebe0df3047d1601353ffa8a9fa6b56408cfa5bf 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,11 @@
      [ssh-ecdsa.c]
      Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
      ok markus@
+   - miod@cvs.openbsd.org 2012/01/16 20:34:09
+     [ssh-pkcs11-client.c]
+     Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
+     While there, be sure to buffer_clear() between send_msg() and recv_msg().
+     ok markus@
 
 20120206
  - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms

diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index 650c37342791e79292ef5cc79e7a2354ec277f7c..82b11daf5155dd46a8dd171d73689570b2e40ce6 100644 (file)
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.2 2010/02/24 06:12:53 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.3 2012/01/16 20:34:09 miod Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -123,6 +123,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
        buffer_put_int(&msg, 0);
        xfree(blob);
        send_msg(&msg);
+       buffer_clear(&msg);
 
        if (recv_msg(&msg) == SSH2_AGENT_SIGN_RESPONSE) {
                signature = buffer_get_string(&msg, &slen);
@@ -132,6 +133,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
                }
                xfree(signature);
        }
+       buffer_free(&msg);
        return (ret);
 }