X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/b165006759a81e8ecc4e86e0540fd69343ea46e9..14ec1d8392d27cd5f9dc923ff7dc6416827d4060:/sshdss.c
diff --git a/sshdss.c b/sshdss.c
index 0484c443..e634b984 100644
--- a/sshdss.c
+++ b/sshdss.c
@@ -72,6 +72,9 @@ static Bignum get160(char **data, int *datalen)
 {
 Bignum b;
+ if (*datalen < 20)
+ return NULL;
+
 b = bignum_from_bytes((unsigned char *)*data, 20);
 *data += 20;
 *datalen -= 20;
@@ -86,8 +89,6 @@ static void *dss_newkey(char *data, int len)
 struct dss_key *dss;
 dss = snew(struct dss_key);
- if (!dss)
- return NULL;
 getstring(&data, &len, &p, &slen);
 #ifdef DEBUG_DSS
@@ -108,6 +109,7 @@ static void *dss_newkey(char *data, int len)
 dss->q = getmp(&data, &len);
 dss->g = getmp(&data, &len);
 dss->y = getmp(&data, &len);
+ dss->x = NULL;
 return dss;
 }
@@ -115,10 +117,16 @@ static void *dss_newkey(char *data, int len)
 static void dss_freekey(void *key)
 {
 struct dss_key *dss = (struct dss_key *) key;
- freebn(dss->p);
- freebn(dss->q);
- freebn(dss->g);
- freebn(dss->y);
+ if (dss->p)
+ freebn(dss->p);
+ if (dss->q)
+ freebn(dss->q);
+ if (dss->g)
+ freebn(dss->g);
+ if (dss->y)
+ freebn(dss->y);
+ if (dss->x)
+ freebn(dss->x);
 sfree(dss);
 }
@@ -289,6 +297,8 @@ static int dss_verifysig(void *key, char *sig, int siglen,
 freebn(w);
 freebn(sha);
+ freebn(u1);
+ freebn(u2);
 freebn(gu1p);
 freebn(yu2p);
 freebn(gu1yu2p);
@@ -404,6 +414,7 @@ static void *dss_createkey(unsigned char *pub_blob, int pub_len,
 ytest = modpow(dss->g, dss->x, dss->p);
 if (0 != bignum_cmp(ytest, dss->y)) {
 dss_freekey(dss);
+ freebn(ytest);
 return NULL;
 }
 freebn(ytest);
@@ -417,8 +428,6 @@ static void *dss_openssh_createkey(unsigned char **blob, int *len)
 struct dss_key *dss;
 dss = snew(struct dss_key);
- if (!dss)
- return NULL;
 dss->p = getmp(b, len);
 dss->q = getmp(b, len);
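Review bot: get160 now has a failure return that nothing in the hunk documents: with fewer than 20 bytes left it returns NULL and leaves `*data` and `*datalen` untouched. Its callers are outside this hunk, so confirm that each one tests the result before passing it to the bignum routines; otherwise a truncated signature blob trades the avoided over-read for a NULL dereference. I would add a header comment such as `/* Returns NULL, consuming nothing, if fewer than 20 bytes remain. */`.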
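Review bot: dss_newkey still returns the key without checking the four getmp results that sit just above the added `dss->x = NULL;`. dss_openssh_createkey in the same file tests every getmp result for NULL, so getmp can evidently fail on short or malformed input, and a key with a NULL p, q, g or y would then reach the signature arithmetic. Because this commit makes dss_freekey tolerate NULL members, the check can follow the new line directly: `if (!dss->p || !dss->q || !dss->g || !dss->y) { dss_freekey(dss); return NULL; }`. The start of dss_newkey and its callers are outside the hunk, so how they treat a NULL return needs confirming.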
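Review bot: The guarded frees in dss_freekey only work if every constructor has assigned all of p, q, g, y and x, and that invariant is not written down anywhere in the hunk. The struct comes from snew, and nothing visible zeroes it, which is presumably why the commit also sets `dss->x = NULL` in dss_newkey. A comment above the guards would make the contract explicit, e.g. `/* Members may be NULL: x when only the public half was loaded, the others after a failed parse. */`. Any future constructor that leaves a member unassigned would pass an indeterminate pointer to freebn.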
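Review bot: `freebn(ytest)` now appears on both the failure and success paths of the consistency check in dss_createkey, and that duplicated-cleanup shape is what allowed the original leak. Recording the comparison first gives a single release point: `ok = (bignum_cmp(ytest, dss->y) == 0);`, then `freebn(ytest);`, then `if (!ok) { dss_freekey(dss); return NULL; }`, with `ok` declared alongside the function's other locals. The rest of dss_createkey is outside the hunk.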
@@ -427,11 +436,11 @@ static void *dss_openssh_createkey(unsigned char **blob, int *len)
 dss->x = getmp(b, len);
 if (!dss->p || !dss->q || !dss->g || !dss->y || !dss->x) {
- sfree(dss->p);
- sfree(dss->q);
- sfree(dss->g);
- sfree(dss->y);
- sfree(dss->x);
+ freebn(dss->p);
+ freebn(dss->q);
+ freebn(dss->g);
+ freebn(dss->y);
+ freebn(dss->x);
 sfree(dss);
 return NULL;
 }
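Review bot: This error branch runs only when at least one of the five members is NULL, yet it now calls `freebn` on all five unconditionally. The same commit wraps every `freebn` in dss_freekey in a NULL test, which suggests freebn does not accept NULL (its definition is not shown here, so confirm). If that is the case, a malformed key blob would crash on this path instead of being rejected cleanly. Replacing the five calls and the `sfree(dss)` with `dss_freekey(dss);` reuses the guarded cleanup and keeps the two paths consistent.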