[PATCH] Fix a potential memory leak in function load_openssh_key()

Christian Engelmayer cengelma at gmx.at
Sun Apr 6 03:51:25 WST 2014


Fix a memory handling issue in the error path of function load_openssh_key().
When freeing the dynamically allocated struct openssh_key during cleanup, the
pointer itself is memset instead of the pointed to struct memory. Thus the
next instruction results in m_free(0).

Reported by Coverity - CID 1191536.
---
Compile tested, applies against github.com/mkj/dropbear.git
---
 keyimport.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/keyimport.c b/keyimport.c
index 3da14ad..48cc1ba 100644
--- a/keyimport.c
+++ b/keyimport.c
@@ -474,7 +474,7 @@ static struct openssh_key *load_openssh_key(const char *filename)
 			memset(ret->keyblob, 0, ret->keyblob_size);
 			m_free(ret->keyblob);
 		}
-		memset(&ret, 0, sizeof(ret));
+		memset(ret, 0, sizeof(*ret));
 		m_free(ret);
 	}
 	if (fp) {
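Review bot: the corrected `memset(ret, 0, sizeof(*ret));` sits directly before `m_free(ret);`, so a compiler is entitled to treat it as a dead store and drop it, and the same holds for the `memset(ret->keyblob, 0, ret->keyblob_size);` in the context lines above. Since the purpose of both calls is to scrub key material in the error path, consider a wipe the optimiser cannot elide (Dropbear's `m_burn()` in dbutil.c, or a write through a volatile pointer) instead of plain `memset`. The commit message could also say that, besides `m_free(0)` leaking the struct, the old line left the struct contents unscrubbed, since that is the security-relevant half of the fix.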
-- 
1.8.3.2
