From e33eefbd0d878957231fe0ac89f9cbd6b1fa5a1a Mon Sep 17 00:00:00 2001
From: dtucker
Date: Sun, 5 Mar 2023 09:24:35 +0000
Subject: [PATCH] Fix mem and FILE leaks in moduli screening.

If multiple -Ocheckpoint= options are passed, the earlier ones would be overwritten and leaked. If we use an input file that wasn't stdin, close that. From Coverity CIDs 291884 and 291894.
---
 usr.bin/ssh/ssh-keygen.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 58f1c5d26d2..2091e6ee3d1 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.464 2023/03/05 08:18:58 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.465 2023/03/05 09:24:35 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland
@@ -2992,6 +2992,7 @@ do_moduli_screen(const char *out_file, char **opts, size_t nopts)
 } else if (strncmp(opts[i], "start-line=", 11) == 0) {
 start_lineno = strtoul(opts[i]+11, NULL, 10);
 } else if (strncmp(opts[i], "checkpoint=", 11) == 0) {
+ free(checkpoint);
 checkpoint = xstrdup(opts[i]+11);
 } else if (strncmp(opts[i], "generator=", 10) == 0) {
 generator_wanted = (u_int32_t)strtonum(
@@ -3030,6 +3031,8 @@ do_moduli_screen(const char *out_file, char **opts, size_t nopts)
 generator_wanted, checkpoint,
 start_lineno, lines_to_process) != 0)
 fatal("modulus screening failed");
+ if (in != stdin)
+ (void)fclose(in);
 free(checkpoint);
 #else /* WITH_OPENSSL */
 fatal("Moduli screening is not supported");
-- 
2.20.1
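Review bot: The added `free(checkpoint)` in the `checkpoint=` branch is safe on the first pass only if `checkpoint` is initialised to NULL where it is declared, which is outside this hunk. The unconditional `free(checkpoint)` at the end of the function suggests it is, but it is worth confirming. The last-one-wins behaviour for a repeated option is now deliberate and could be recorded with a short comment such as `/* repeated checkpoint= options: the last one wins */`. do_moduli_screen starts and ends outside the hunk.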
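Review bot: Only the input stream is closed after `prime_test()` succeeds; nothing visible in this hunk closes or flushes the stream opened for `out_file`. Discarding the `fclose()` result with `(void)` is reasonable for a stream that was only read. On the output side, though, a failed flush would leave a truncated moduli file while the command reports success. If that stream is not closed and checked inside `prime_test()`, it deserves a checked `fclose()` here with a `fatal()` on error. The function body continues outside the hunk, so this may already be handled elsewhere.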