Gssapi-keyex: fix issues found by static analysis
Related: RHEL-60564 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
This commit is contained in:
parent
0802365f07
commit
384febcdc2
@ -1240,8 +1240,8 @@ diff --color -ruNp a/kexgen.c b/kexgen.c
|
||||
const struct sshbuf *client_version,
|
||||
diff --color -ruNp a/kexgssc.c b/kexgssc.c
|
||||
--- a/kexgssc.c 1970-01-01 01:00:00.000000000 +0100
|
||||
+++ b/kexgssc.c 2024-09-16 11:46:34.709940203 +0200
|
||||
@@ -0,0 +1,704 @@
|
||||
+++ b/kexgssc.c 2024-10-14 15:18:02.491798105 +0200
|
||||
@@ -0,0 +1,706 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
||||
+ *
|
||||
@ -1603,6 +1603,7 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
|
||||
+ if (gss->major & GSS_S_CONTINUE_NEEDED)
|
||||
+ return kexgss_init_ctx(ssh, &recv_tok);
|
||||
+
|
||||
+ gss_release_buffer(&gss->minor, &recv_tok);
|
||||
+ return kexgss_final(ssh);
|
||||
+}
|
||||
+
|
||||
@ -1942,14 +1943,15 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
|
||||
+ if (gss->major & GSS_S_CONTINUE_NEEDED)
|
||||
+ return kexgssgex_init_ctx(ssh, &recv_tok);
|
||||
+
|
||||
+ gss_release_buffer(&gss->minor, &recv_tok);
|
||||
+ return kexgssgex_final(ssh);
|
||||
+}
|
||||
+
|
||||
+#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */
|
||||
diff --color -ruNp a/kexgsss.c b/kexgsss.c
|
||||
--- a/kexgsss.c 1970-01-01 01:00:00.000000000 +0100
|
||||
+++ b/kexgsss.c 2024-09-16 11:46:34.710940224 +0200
|
||||
@@ -0,0 +1,590 @@
|
||||
+++ b/kexgsss.c 2024-10-14 15:18:02.491798105 +0200
|
||||
@@ -0,0 +1,601 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
||||
+ *
|
||||
@ -2082,6 +2084,9 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
|
||||
+ struct kex *kex = ssh->kex;
|
||||
+ Gssctxt *gss = kex->gss;
|
||||
+ gss_buffer_desc msg_tok;
|
||||
+ u_char hash[SSH_DIGEST_MAX_LENGTH];
|
||||
+ size_t hashlen;
|
||||
+ struct sshbuf *shared_secret = NULL;
|
||||
+ int r;
|
||||
+
|
||||
+ ssh_dispatch_set(ssh, SSH2_MSG_KEXGSS_INIT, NULL);
|
||||
@ -2125,12 +2130,18 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
|
||||
+ gss_release_buffer(&gss->minor, send_tok);
|
||||
+ gss_release_buffer(&gss->minor, &msg_tok);
|
||||
+
|
||||
+ hashlen = gss->hashlen;
|
||||
+ memcpy(hash, gss->hash, hashlen);
|
||||
+ explicit_bzero(gss->hash, sizeof(gss->hash));
|
||||
+ shared_secret = gss->shared_secret;
|
||||
+ gss->shared_secret = NULL;
|
||||
+
|
||||
+ if (gss_kex_context == NULL)
|
||||
+ gss_kex_context = gss;
|
||||
+ else
|
||||
+ ssh_gssapi_delete_ctx(&kex->gss);
|
||||
+
|
||||
+ if ((r = kex_derive_keys(ssh, gss->hash, gss->hashlen, gss->shared_secret)) == 0)
|
||||
+ if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
|
||||
+ r = kex_send_newkeys(ssh);
|
||||
+
|
||||
+ /* If this was a rekey, then save out any delegated credentials we
|
||||
@ -2139,12 +2150,11 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
|
||||
+ ssh_gssapi_rekey_creds();
|
||||
+
|
||||
+ if (kex->gss != NULL) {
|
||||
+ explicit_bzero(gss->hash, sizeof(gss->hash));
|
||||
+ sshbuf_free(gss->shared_secret);
|
||||
+ gss->shared_secret = NULL;
|
||||
+ sshbuf_free(gss->server_pubkey);
|
||||
+ gss->server_pubkey = NULL;
|
||||
+ }
|
||||
+ explicit_bzero(hash, sizeof(hash));
|
||||
+ sshbuf_free(shared_secret);
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
@ -2187,7 +2197,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
|
||||
+ }
|
||||
+ if (r != 0) {
|
||||
+ sshbuf_free(client_pubkey);
|
||||
+ ssh_gssapi_delete_ctx(&kex->gss);
|
||||
+ gss_release_buffer(&gss->minor, &recv_tok);
|
||||
+ ssh_gssapi_delete_ctx(&kex->gss);
|
||||
+ return r;
|
||||
+ }
|
||||
+
|
||||
@ -2195,6 +2206,7 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
|
||||
+
|
||||
+ if ((empty = sshbuf_new()) == NULL) {
|
||||
+ sshbuf_free(client_pubkey);
|
||||
+ gss_release_buffer(&gss->minor, &recv_tok);
|
||||
+ ssh_gssapi_delete_ctx(&kex->gss);
|
||||
+ return SSH_ERR_ALLOC_FAIL;
|
||||
+ }
|
||||
@ -2210,6 +2222,7 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
|
||||
+ sshbuf_free(empty);
|
||||
+ sshbuf_free(client_pubkey);
|
||||
+ if (r != 0) {
|
||||
+ gss_release_buffer(&gss->minor, &recv_tok);
|
||||
+ ssh_gssapi_delete_ctx(&kex->gss);
|
||||
+ return r;
|
||||
+ }
|
||||
|
Loading…
Reference in New Issue
Block a user