Overview

File 0011-CVE-2012-4561-Fix-possible-free-s-on-invalid-pointer.patch of Package libssh.openSUSE_12.1_Update

From 8f2305c18c27ea8e2309bb897eef64e0351b170a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 5 Oct 2012 15:07:17 +0200
Subject: [PATCH 11/11] CVE-2012-4561: Fix possible free's on invalid
 pointers.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a211a6ee1a6aee251a5b45890c6cf870178b5ea4)
---
 src/keys.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/keys.c b/src/keys.c
index de6b8f2..9ae25a3 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -88,6 +88,7 @@ ssh_public_key publickey_make_dss(ssh_session session, ssh_buffer buffer) {
     ssh_buffer_free(buffer);
     return NULL;
   }
+  ZERO_STRUCTP(key);
 
   key->type = SSH_KEYTYPE_DSS;
   key->type_c = ssh_type_to_char(key->type);
@@ -173,6 +174,7 @@ ssh_public_key publickey_make_rsa(ssh_session session, ssh_buffer buffer,
     ssh_buffer_free(buffer);
     return NULL;
   }
+  ZERO_STRUCTP(key);
 
   key->type = type;
   key->type_c = ssh_type_to_char(key->type);
@@ -897,6 +899,7 @@ SIGNATURE *signature_from_string(ssh_session session, ssh_string signature,
     ssh_set_error(session, SSH_FATAL, "Not enough space");
     return NULL;
   }
+  ZERO_STRUCTP(sign);
 
   tmpbuf = ssh_buffer_new();
   if (tmpbuf == NULL) {
@@ -1280,6 +1283,7 @@ ssh_string ssh_do_sign(ssh_session session, ssh_buffer sigbuf,
   if (sign == NULL) {
     return NULL;
   }
+  ZERO_STRUCTP(sign);
 
   switch(privatekey->type) {
     case SSH_KEYTYPE_DSS:
@@ -1436,6 +1440,7 @@ ssh_string ssh_sign_session_id(ssh_session session, ssh_private_key privatekey)
   if (sign == NULL) {
     return NULL;
   }
+  ZERO_STRUCTP(sign);
 
   switch(privatekey->type) {
     case SSH_KEYTYPE_DSS:
-- 
1.7.10.4
openSUSE Build Service is sponsored by
Places