
[openssh] branch master updated: upstream: fix leak of CanonicalizePermittedCNAMEs on error path;
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

The following commit(s) were added to refs/heads/master by this push:
new 3deb501f upstream: fix leak of CanonicalizePermittedCNAMEs on error path;
3deb501f is described below

commit 3deb501f86fc47e175ef6a3eaba9b9846a80d444
Author: djm@openbsd.org <djm@openbsd.org>
AuthorDate: Mon Mar 4 04:13:18 2024 +0000

upstream: fix leak of CanonicalizePermittedCNAMEs on error path;

spotted by Coverity (CID 438039)

OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af
---
readconf.c | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/readconf.c b/readconf.c
index 804fcca2..3a64a044 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.385 2024/03/04 02:16:11 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.386 2024/03/04 04:13:18 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -890,6 +890,20 @@ parse_token(const char *cp, const char *filename, int linenum,
return oBadOption;
}

+static void
+free_canon_cnames(struct allowed_cname *cnames, u_int n)
+{
+ u_int i;
+
+ if (cnames == NULL || n == 0)
+ return;
+ for (i = 0; i < n; i++) {
+ free(cnames[i].source_list);
+ free(cnames[i].target_list);
+ }
+ free(cnames);
+}
+
/* Multistate option parsing */
struct multistate {
char *key;
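Review bot: The guard in `free_canon_cnames` returns early when `n == 0`, so a non-NULL `cnames` with a zero count would never reach `free(cnames)`. Whether that state can occur depends on the allocation code, which is outside this hunk. Since `free(NULL)` is a no-op and the loop does nothing for a zero count, `if (cnames == NULL) return;` is sufficient and closes that gap. A short comment above the helper, such as `/* Frees the first n entries' lists and the array itself; cnames must not be used afterwards. */`, would record the ownership contract.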
@@ -2160,13 +2174,10 @@ parse_pubkey_algos:
if (found && *activep) {
options->permitted_cnames = cnames;
options->num_permitted_cnames = ncnames;
- } else {
- for (i = 0; i < ncnames; i++) {
- free(cnames[i].source_list);
- free(cnames[i].target_list);
- }
- free(cnames);
+ cnames = NULL; /* transferred */
+ ncnames = 0;
}
+ /* un-transferred cnames is cleaned up before exit */
break;

case oCanonicalizeHostname:
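Review bot: With cleanup moved to `out:`, every `goto out` inside this case now frees `cnames[0..ncnames)`, so each entry's `source_list` and `target_list` must be set (or zeroed) before `ncnames` counts that entry. The loop that builds the array starts above this hunk and is not visible here, so that ordering should be confirmed there. The reset `cnames = NULL; ncnames = 0;` is what prevents a later double free of the array now owned by `options`. The comment could name the mechanism, e.g. `/* cnames not transferred to options is freed at out: */`.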
@@ -2405,6 +2416,7 @@ parse_pubkey_algos:
/* success */
ret = 0;
out:
+ free_canon_cnames(cnames, ncnames);
opt_array_free2(strs, NULL, nstrs);
argv_free(oav, oac);
return ret;
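Review bot: `free_canon_cnames(cnames, ncnames)` at `out:` now runs for every directive this function parses, not only CanonicalizePermittedCNAMEs. It is therefore safe only if `cnames` and `ncnames` are initialized to `NULL` and `0` at their declarations; otherwise an unrelated option would pass an indeterminate pointer to `free()`. Those declarations are outside the hunk, and the diffstat shows no change to them, so they are presumably already initialized, but it is worth confirming. A one-line comment at the call, such as `/* NULL unless CanonicalizePermittedCNAMEs parsing bailed out or was inactive */`, would make the invariant explicit.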
