projects / u / mdw / putty / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 2331d51)
Joe Yates's memory leak patch was overenthusiastically freeing
authorsimon <simon@cda61777-01e9-0310-a592-d414129be87e>
Thu, 1 Jan 2004 16:42:48 +0000 (16:42 +0000)
committersimon <simon@cda61777-01e9-0310-a592-d414129be87e>
Thu, 1 Jan 2004 16:42:48 +0000 (16:42 +0000)
things; it called freebn on the DH gex values even if DH gex had not
taken place. Bug was trivially reproducible as a NULL-dereference
segfault by making any SSH2 connection with DH gex disabled. Should
now be fixed.

git-svn-id: svn://svn.tartarus.org/sgt/putty@3678 cda61777-01e9-0310-a592-d414129be87e

ssh.c patch | blob | blame | history

diff --git a/ssh.c b/ssh.c
index 1d88723..61786b1 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -4356,9 +4356,11 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt)
        logeventf(ssh, "Initialised %s decompression",
                  ssh->sccomp->text_name);
     freebn(s->f);
-    freebn(s->g);
     freebn(s->K);
-    freebn(s->p);
+    if (ssh->kex == &ssh_diffiehellman_gex) {
+       freebn(s->g);
+       freebn(s->p);
+    }
 
     /*
      * If this is the first key exchange phase, we must pass the
Local modifications for Simon Tatham's `PuTTY' SSH client and terminal emulator