]> git.ipfire.org Git - thirdparty/openssh-portable.git/commitdiff
memleak of buffer in sshpam_query
authorDamien Miller <djm@mindrot.org>
Fri, 13 Sep 2019 03:14:39 +0000 (13:14 +1000)
committerDamien Miller <djm@mindrot.org>
Fri, 13 Sep 2019 03:15:19 +0000 (13:15 +1000)
coverity report via Ed Maste; ok dtucker@

auth-pam.c

index 55253e6abbc2eaecdd9a1b5535b7a23c5e0237a5..d3f400bc30346d934ff3899e925dbbb2fdeac1ac 100644 (file)
@@ -851,6 +851,7 @@ sshpam_query(void *ctx, char **name, char **info,
                        plen += mlen;
                        **echo_on = (type == PAM_PROMPT_ECHO_ON);
                        free(msg);
+                       sshbuf_free(buffer);
                        return (0);
                case PAM_ERROR_MSG:
                case PAM_TEXT_INFO:
@@ -879,6 +880,7 @@ sshpam_query(void *ctx, char **name, char **info,
                                **echo_on = 0;
                                ctxt->pam_done = -1;
                                free(msg);
+                               sshbuf_free(buffer);
                                return 0;
                        }
                        /* FALLTHROUGH */
@@ -905,6 +907,7 @@ sshpam_query(void *ctx, char **name, char **info,
                                **echo_on = 0;
                                ctxt->pam_done = 1;
                                free(msg);
+                               sshbuf_free(buffer);
                                return (0);
                        }
                        error("PAM: %s for %s%.100s from %.100s", msg,
@@ -916,9 +919,11 @@ sshpam_query(void *ctx, char **name, char **info,
                        **echo_on = 0;
                        free(msg);
                        ctxt->pam_done = -1;
+                       sshbuf_free(buffer);
                        return (-1);
                }
        }
+       sshbuf_free(buffer);
        return (-1);
 }