[Bug 2175] New: possible use after free

bugzilla-daemon Tue, 03 Dec 2013 20:41:18 -0800

https://bugzilla.mindrot.org/show_bug.cgi?id=2175


            Bug ID: 2175
           Summary: possible use after free
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 2377
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2377&action=edit
use_after_free fix

blob() might be freed on subsequent loop iterations.

     if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) {
                buffer_put_char(&msg, SSH2_AGENT_IDENTITIES_ANSWER);
                buffer_put_int(&msg, nkeys);
                for (i = 0; i < nkeys; i++) {
                        key_to_blob(keys[i], &blob, &blen)
                        buffer_put_string(&msg, blob, blen);
                        buffer_put_cstring(&msg, name);
                        free(blob);
                        add_key(keys[i], name);

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2175] New: possible use after free

Reply via email to