rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Do not segfault for repetitive cipher_free() from audit (#1524233)

Browse Source
This commit is contained in:
Jakub Jelen 2017-11-24 14:49:00 +01:00
parent eef660e534
commit 217da75d53
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
openssh-7.6p1-audit.patch
View File

@ -906,6 +906,15 @@ diff -up openssh-7.6p1/cipher.c.audit openssh-7.6p1/cipher.c
static const struct sshcipher ciphers[] = { static const struct sshcipher ciphers[] = {
#ifdef WITH_OPENSSL #ifdef WITH_OPENSSL
{ "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },
@@ -409,7 +409,7 @@ cipher_get_length(struct sshcipher_ctx *
void
cipher_free(struct sshcipher_ctx *cc)
{
- if (cc == NULL)
+ if (cc == NULL || cc->cipher == NULL)
return;
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
diff -up openssh-7.6p1/cipher.h.audit openssh-7.6p1/cipher.h diff -up openssh-7.6p1/cipher.h.audit openssh-7.6p1/cipher.h
--- openssh-7.6p1/cipher.h.audit 2017-10-02 21:34:26.000000000 +0200 --- openssh-7.6p1/cipher.h.audit 2017-10-02 21:34:26.000000000 +0200
+++ openssh-7.6p1/cipher.h 2017-10-04 17:18:32.836505059 +0200 +++ openssh-7.6p1/cipher.h 2017-10-04 17:18:32.836505059 +0200