~mdw / sgt / putty / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Sanitise freeing of DSA keys.
[sgt/putty] / sshdss.c
diff --git a/sshdss.c b/sshdss.c
index 2b19a92..8c9f93e 100644 (file)
--- a/sshdss.c
+++ b/sshdss.c
@@ -111,6 +111,7 @@ static void *dss_newkey(char *data, int len)
     dss->q = getmp(&data, &len);
     dss->g = getmp(&data, &len);
     dss->y = getmp(&data, &len);
+    dss->x = NULL;
 
     return dss;
 }
@@ -118,10 +119,16 @@ static void *dss_newkey(char *data, int len)
 static void dss_freekey(void *key)
 {
     struct dss_key *dss = (struct dss_key *) key;
-    freebn(dss->p);
-    freebn(dss->q);
-    freebn(dss->g);
-    freebn(dss->y);
+    if (dss->p)
+        freebn(dss->p);
+    if (dss->q)
+        freebn(dss->q);
+    if (dss->g)
+        freebn(dss->g);
+    if (dss->y)
+        freebn(dss->y);
+    if (dss->x)
+        freebn(dss->x);
     sfree(dss);
 }
 
@@ -433,11 +440,11 @@ static void *dss_openssh_createkey(unsigned char **blob, int *len)
     dss->x = getmp(b, len);
 
     if (!dss->p || !dss->q || !dss->g || !dss->y || !dss->x) {
-       sfree(dss->p);
-       sfree(dss->q);
-       sfree(dss->g);
-       sfree(dss->y);
-       sfree(dss->x);
+       freebn(dss->p);
+       freebn(dss->q);
+       freebn(dss->g);
+       freebn(dss->y);
+       freebn(dss->x);
        sfree(dss);
        return NULL;
     }
Simon Tatham's PuTTY GUI SSH client; import of svn://svn.tartarus.org/sgt/putty