Module Name: src Committed By: christos Date: Mon Nov 11 16:32:10 UTC 2013
Modified Files: src/crypto/external/bsd/openssh/dist: key.c ssh-pkcs11-helper.c Log Message: CID-1128381: Avoid use after free To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/key.c cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/openssh/dist/key.c diff -u src/crypto/external/bsd/openssh/dist/key.c:1.13 src/crypto/external/bsd/openssh/dist/key.c:1.14 --- src/crypto/external/bsd/openssh/dist/key.c:1.13 Fri Nov 8 14:18:25 2013 +++ src/crypto/external/bsd/openssh/dist/key.c Mon Nov 11 11:32:10 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.13 2013/11/08 19:18:25 christos Exp $ */ +/* $NetBSD: key.c,v 1.14 2013/11/11 16:32:10 christos Exp $ */ /* $OpenBSD: key.c,v 1.104 2013/05/19 02:42:42 djm Exp $ */ /* * read_bignum(): @@ -36,7 +36,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: key.c,v 1.13 2013/11/08 19:18:25 christos Exp $"); +__RCSID("$NetBSD: key.c,v 1.14 2013/11/11 16:32:10 christos Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -1512,6 +1512,8 @@ to_blob(const Key *key, u_char **blobp, Buffer b; int len, type; + if (blobp) + *blobp = NULL; if (key == NULL) { error("key_to_blob: key == NULL"); return 0; Index: src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c diff -u src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c:1.5 src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c:1.6 --- src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c:1.5 Fri Nov 8 14:18:25 2013 +++ src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c Mon Nov 11 11:32:10 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-pkcs11-helper.c,v 1.5 2013/11/08 19:18:25 christos Exp $ */ +/* $NetBSD: ssh-pkcs11-helper.c,v 1.6 2013/11/11 16:32:10 christos Exp $ */ /* $OpenBSD: ssh-pkcs11-helper.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. @@ -16,7 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: ssh-pkcs11-helper.c,v 1.5 2013/11/08 19:18:25 christos Exp $"); +__RCSID("$NetBSD: ssh-pkcs11-helper.c,v 1.6 2013/11/11 16:32:10 christos Exp $"); #include <sys/queue.h> #include <sys/types.h> 
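Review bot: In the to_blob hunk of key.c, only the blob pointer is reset on entry; the length out-parameter that callers pass with it (process_add passes `&blen`) keeps its old value on the early `return 0` paths, so a caller that ignores the return value still pairs a stale length with a NULL blob. The parameter list is cut off in the hunk header, so this assumes the length pointer is named `lenp`; if so, add `if (lenp != NULL) *lenp = 0;` next to the new lines. The new test is written `if (blobp)` while the following check in the same function uses the explicit `key == NULL` form, so `if (blobp != NULL)` would match the surrounding style. to_blob's body continues outside the hunk.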
@@ -124,7 +124,8 @@ process_add(void)
 buffer_put_char(&msg, SSH2_AGENT_IDENTITIES_ANSWER);
 buffer_put_int(&msg, nkeys);
 for (i = 0; i < nkeys; i++) {
- key_to_blob(keys[i], &blob, &blen);
+ if (key_to_blob(keys[i], &blob, &blen) == 0)
+ continue;
 buffer_put_string(&msg, blob, blen);
 buffer_put_cstring(&msg, name);
 free(blob);
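Review bot: Skipping a key with `continue` in process_add leaves the reply inconsistent, because `buffer_put_int(&msg, nkeys)` has already written the full count before the loop. After one failed key_to_blob() the message announces more identities than it carries, and the peer parsing it will run short or misread what follows. Either treat an encoding failure as a failure of the whole add request, or encode the keys first and write the count of those that succeeded. The loop body continues past `free(blob);` outside the hunk, so any per-key bookkeeping there is skipped as well; check that `keys[i]` is not leaked on that path.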