Fix a memory handling issue in the error path of function load_openssh_key(). When freeing the dynamically allocated struct openssh_key during cleanup, the pointer itself is memset instead of the pointed to struct memory. Thus the next instruction results in m_free(0).
Reported by Coverity - CID 1191536.
---
Compile tested, applies against github.com/mkj/dropbear.git
---
keyimport.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/keyimport.c b/keyimport.c
index 3da14ad..48cc1ba 100644
--- a/keyimport.c
+++ b/keyimport.c
@@ -474,7 +474,7 @@ static struct openssh_key *load_openssh_key(const char
*filename)
memset(ret->keyblob, 0, ret->keyblob_size);
m_free(ret->keyblob);
}
- memset(&ret, 0, sizeof(ret));
+ memset(ret, 0, sizeof(*ret));
m_free(ret);
}
if (fp) {
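Review bot: the corrected `memset(ret, 0, sizeof(*ret));` is immediately followed by `m_free(ret);`, so the store is dead as far as the compiler is concerned. An optimizing build may drop it, which leaves the struct contents in freed heap memory. The same holds for `memset(ret->keyblob, 0, ret->keyblob_size);` in the context lines just above. Consider doing both wipes through a zeroing routine the compiler cannot elide, for example explicit_bzero or memset_s where available, or a write through a volatile pointer. The sizeof(*ret) fix itself is right: the old line zeroed the local pointer, so the struct was neither wiped nor freed.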
--
1.8.3.2
