X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/7d5b0f4d134bc2dab559dcf339d4b709b19550e6..954a954017ef83065bfb605b0bd99d8856071892:/ssh.c

diff --git a/ssh.c b/ssh.c
index d83d0c10..6c1aeb75 100644
--- a/ssh.c
+++ b/ssh.c
@@ -2535,6 +2535,22 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt)
     ssh->crcda_ctx = crcda_make_context();
     logevent("Installing CRC compensation attack detector");
 
+    if (servkey.modulus) {
+	sfree(servkey.modulus);
+	servkey.modulus = NULL;
+    }
+    if (servkey.exponent) {
+	sfree(servkey.exponent);
+	servkey.exponent = NULL;
+    }
+    if (hostkey.modulus) {
+	sfree(hostkey.modulus);
+	hostkey.modulus = NULL;
+    }
+    if (hostkey.exponent) {
+	sfree(hostkey.exponent);
+	hostkey.exponent = NULL;
+    }
     crWaitUntil(ispkt);
 
     if (ssh->pktin.type != SSH1_SMSG_SUCCESS) {
@@ -2751,6 +2767,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 		    if (s->authed)
 			break;
 		}
+		sfree(s->response);
 	    }
 	    if (s->authed)
 		break;
@@ -3037,6 +3054,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 		    }
 		    logevent("Sending password with camouflage packets");
 		    ssh_pkt_defersend(ssh);
+		    sfree(randomstr);
 		} 
 		else if (!(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
 		    /*
@@ -4338,6 +4356,12 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt)
     if (ssh->sccomp->text_name)
 	logeventf(ssh, "Initialised %s decompression",
 		  ssh->sccomp->text_name);
+    freebn(s->f);
+    freebn(s->K);
+    if (ssh->kex == &ssh_diffiehellman_gex) {
+	freebn(s->g);
+	freebn(s->p);
+    }
 
     /*
      * If this is the first key exchange phase, we must pass the
@@ -4720,6 +4744,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 
 	    s->method = 0;
 	    ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
+	    s->need_pw = FALSE;
 
 	    /*
 	     * Most password/passphrase prompts will be
@@ -4899,6 +4924,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 		    if (s->authed)
 			continue;
 		}
+		sfree(s->response);
 	    }
 
 	    if (!s->method && s->can_pubkey && s->publickey_blob
@@ -6241,10 +6267,18 @@ static void ssh_free(void *handle)
 	ssh->csmac->free_context(ssh->cs_mac_ctx);
     if (ssh->sc_mac_ctx)
 	ssh->scmac->free_context(ssh->sc_mac_ctx);
-    if (ssh->cs_comp_ctx)
-	ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
-    if (ssh->sc_comp_ctx)
-	ssh->sccomp->compress_cleanup(ssh->sc_comp_ctx);
+    if (ssh->cs_comp_ctx) {
+	if (ssh->cscomp)
+	    ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
+	else
+	    zlib_compress_cleanup(ssh->cs_comp_ctx);
+    }
+    if (ssh->sc_comp_ctx) {
+	if (ssh->sccomp)
+	    ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
+	else
+	    zlib_decompress_cleanup(ssh->sc_comp_ctx);
+    }
     if (ssh->kex_ctx)
 	dh_cleanup(ssh->kex_ctx);
     sfree(ssh->savedhost);
@@ -6278,7 +6312,22 @@ static void ssh_free(void *handle)
     sfree(ssh->do_ssh1_login_state);
     sfree(ssh->do_ssh2_transport_state);
     sfree(ssh->do_ssh2_authconn_state);
-    
+    if (ssh->pktout.data) {
+	sfree(ssh->pktout.data);
+	ssh->pktout.data = NULL;
+    }
+    if (ssh->pktin.data) {
+	sfree(ssh->pktin.data);
+	ssh->pktin.data = NULL;
+    }
+    if (ssh->crcda_ctx) {
+	crcda_free_context(ssh->crcda_ctx);
+	ssh->crcda_ctx = NULL;
+    }
+    if (ssh->logctx) {
+	log_free(ssh->logctx);
+	ssh->logctx = NULL;
+    }
     if (ssh->s)
 	ssh_do_close(ssh);
     sfree(ssh);