Fix two memory leaks in `ssh_get_pubkey_hash` for some error paths. The local `h` buffer and `ctx` MD5 context each must be free'd for the SSH_ERROR cases.
Introduced with 16217454d576511f37f39c3169963629f9d5082f. Signed-off-by: Jon Simons <[email protected]> --- src/dh.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/dh.c b/src/dh.c index 733c6e76..c3de5b99 100644 --- a/src/dh.c +++ b/src/dh.c @@ -1008,15 +1008,20 @@ int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash) { } rc = ssh_get_server_publickey(session, &pubkey); - if (rc != 0) { + if (rc != SSH_OK) { + md5_final(h, ctx); SAFE_FREE(h); return SSH_ERROR; } rc = ssh_pki_export_pubkey_blob(pubkey, &pubkey_blob); ssh_key_free(pubkey); - if (rc != 0) { + if (rc != SSH_OK) { + md5_final(h, ctx); + SAFE_FREE(h); + return SSH_ERROR; } + md5_update(ctx, ssh_string_data(pubkey_blob), ssh_string_len(pubkey_blob)); ssh_string_free(pubkey_blob); md5_final(h, ctx); -- 2.14.1
