Overview

File 0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-A.patch of Package libssh.14666

From fa772dbe48f6c716f130e80562840d47dda5a1b7 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Tue, 11 Feb 2020 11:52:33 +0100
Subject: [PATCH] CVE-2020-1730: Fix a possible segfault when zeroing AES-CTR
 key

Fixes T213

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
 src/libcrypto.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/libcrypto.c b/src/libcrypto.c
index b3792264..e9f519ec 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -713,8 +713,12 @@ aes_ctr_encrypt(struct ssh_cipher_struct *cipher,
 }
 
 static void aes_ctr_cleanup(struct ssh_cipher_struct *cipher){
-    explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
-    SAFE_FREE(cipher->aes_key);
+    if (cipher != NULL) {
+        if (cipher->aes_key != NULL) {
+            explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
+        }
+        SAFE_FREE(cipher->aes_key);
+    }
 }
 
 #endif /* HAVE_OPENSSL_EVP_AES_CTR */
-- 
2.26.0
openSUSE Build Service is sponsored by
Places