net-snmp/net-snmp-5.8-key-leak-backport.patch
2018-11-28 09:21:44 +01:00

57 lines
1.9 KiB
Diff

diff -urNp a/snmplib/keytools.c b/snmplib/keytools.c
--- a/snmplib/keytools.c 2018-11-27 15:04:59.931217024 +0100
+++ b/snmplib/keytools.c 2018-11-27 15:07:50.765672477 +0100
@@ -187,25 +187,25 @@ generate_Ku(const oid * hashtype, u_int
#else
ctx = malloc(sizeof(*ctx));
if (!EVP_MD_CTX_init(ctx))
- return SNMPERR_GENERR;
+ QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
#endif
if (!EVP_DigestInit(ctx, hashfn))
- return SNMPERR_GENERR;
+ QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
#elif NETSNMP_USE_INTERNAL_CRYPTO
#ifndef NETSNMP_DISABLE_MD5
if (NETSNMP_USMAUTH_HMACMD5 == auth_type) {
if (!MD5_Init(&cmd5))
- return SNMPERR_GENERR;
+ QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
cryptotype = TYPE_MD5;
} else
#endif
if (NETSNMP_USMAUTH_HMACSHA1 == auth_type) {
if (!SHA1_Init(&csha1))
- return SNMPERR_GENERR;
+ QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
cryptotype = TYPE_SHA1;
} else {
- return (SNMPERR_GENERR);
+ QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
}
#else
MDbegin(&MD);
diff -urNp a/snmplib/scapi.c b/snmplib/scapi.c
--- a/snmplib/scapi.c 2018-11-27 15:04:59.931217024 +0100
+++ b/snmplib/scapi.c 2018-11-27 15:14:37.587393891 +0100
@@ -967,7 +967,8 @@ sc_hash_type(int auth_type, const u_char
#endif
if (!EVP_DigestInit(cptr, hashfn)) {
/* requested hash function is not available */
- return SNMPERR_SC_NOT_CONFIGURED;
+ rval = SNMPERR_SC_NOT_CONFIGURED;
+ goto sc_hash_type_quit;
}
/** pass the data */
@@ -976,6 +977,8 @@ sc_hash_type(int auth_type, const u_char
/** do the final pass */
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
+
+sc_hash_type_quit:
#if defined(HAVE_EVP_MD_CTX_FREE)
EVP_MD_CTX_free(cptr);
#elif defined(HAVE_EVP_MD_CTX_DESTROY)