Hi,
Here is one bug, among others:

Index: ssh-ed25519.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-ed25519.c,v
retrieving revision 1.4
diff -u -r1.4 ssh-ed25519.c
--- ssh-ed25519.c       24 Jun 2014 01:13:21 -0000      1.4
+++ ssh-ed25519.c       29 Aug 2014 10:28:35 -0000
@@ -125,8 +125,10 @@
                r = SSH_ERR_INVALID_FORMAT;
                goto out;
        }
-       if (datalen >= SIZE_MAX - len)
-               return SSH_ERR_INVALID_ARGUMENT;
+       if (datalen >= SIZE_MAX - len) {
+               r = SSH_ERR_INVALID_ARGUMENT;
+               goto out;
+       }
        smlen = len + datalen;
        mlen = smlen;
        if ((sm = malloc(smlen)) == NULL || (m = xmalloc(mlen)) == NULL) {
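Review bot: The allocation on the last context line still mixes `malloc` with `xmalloc`, and OpenSSH's `xmalloc` calls `fatal()` on failure rather than returning NULL, so the `(m = xmalloc(mlen)) == NULL` test is dead and an out-of-memory condition terminates the process instead of returning an error code. Using `if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) {` would keep this function on the same error-return path the patch restores for the overflow check. The new `goto out` also reaches the cleanup label before `sm` and `m` are assigned. The label and the declarations are outside the hunk, so confirm both pointers are initialised to NULL before anything at `out:` frees or clears them.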

Found by my code scanner.

Maxime
