diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-04 09:46:26 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-04 14:05:22 +0100 |
commit | b994805907fead443e31ad69b7388e1355c6a5f1 (patch) | |
tree | f378bfef1a090521c958c6f6992523d7aaf4ee3a | |
parent | 438ceeb5dde7339d077cd232407c072f20f4d83d (diff) | |
download | gnutls-b994805907fead443e31ad69b7388e1355c6a5f1.tar.gz |
auth rsa: eliminated memory leak on pkcs-1 formatting attack path
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/auth/rsa.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c index b54d415f6f..6f75bb5327 100644 --- a/lib/auth/rsa.c +++ b/lib/auth/rsa.c @@ -140,7 +140,7 @@ static int proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) { - gnutls_datum_t plaintext; + gnutls_datum_t plaintext = {NULL, 0}; gnutls_datum_t ciphertext; int ret, dsize; int use_rnd_key = 0; @@ -195,6 +195,10 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, * attack against pkcs-1 formating). */ _gnutls_debug_log("auth_rsa: Possible PKCS #1 format attack\n"); + if (ret >= 0) { + gnutls_free(plaintext.data); + plaintext.data = NULL; + } use_rnd_key = 1; } else { /* If the secret was properly formatted, then |