From 378311fe5b82290d4dfc30ac4c847a455a0ec5cd Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Fri, 11 Nov 2011 14:54:57 +0100 Subject: [PATCH] knownhost_add: Avoid dereferencing uninitialized memory on error path. In function knownhost_add, memory is alocated for a new entry. If normal alocation is used, memory is not initialized to 0 right after, but a check is done to verify if correct key type is passed. This test is done BEFORE setting the memory to null, and on the error path function free_host() is called, that tries to dereference unititialized memory, resulting into a glibc abort(). * knownhost.c - knownhost_add(): - move typemask check before alloc --- src/knownhost.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/src/knownhost.c b/src/knownhost.c index 7280687..d90f1d4 100644 --- a/src/knownhost.c +++ b/src/knownhost.c @@ -131,25 +131,22 @@ knownhost_add(LIBSSH2_KNOWNHOSTS *hosts, const char *comment, size_t commentlen, int typemask, struct libssh2_knownhost **store) { - struct known_host *entry = - LIBSSH2_ALLOC(hosts->session, sizeof(struct known_host)); + struct known_host *entry; size_t hostlen = strlen(host); int rc; char *ptr; unsigned int ptrlen; - if(!entry) + /* make sure we have a key type set */ + if(!(typemask & LIBSSH2_KNOWNHOST_KEY_MASK)) + return _libssh2_error(hosts->session, LIBSSH2_ERROR_INVAL, + "No key type set"); + + if(!(entry = LIBSSH2_ALLOC(hosts->session, sizeof(struct known_host)))) return _libssh2_error(hosts->session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory for known host " "entry"); - /* make sure we have a key type set */ - if(!(typemask & LIBSSH2_KNOWNHOST_KEY_MASK)) { - rc = _libssh2_error(hosts->session, LIBSSH2_ERROR_INVAL, - "No key type set"); - goto error; - } - memset(entry, 0, sizeof(struct known_host)); entry->typemask = typemask;
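Review bot: The fix depends on an ordering rule that the new code does not record: no `goto error` may appear between the allocation and `memset(entry, 0, sizeof(struct known_host))`, because, according to the commit message, free_host() on the error path reads the entry's members. A comment above the memset, such as `/* entry must be zeroed before the first 'goto error': free_host() reads its pointer members */`, would keep a later edit from reintroducing the abort. As a point of style, the assignment inside `if(!(entry = LIBSSH2_ALLOC(...)))` could be a plain assignment followed by `if(!entry)`, which keeps the allocation easy to spot. knownhost_add's signature starts above the hunk and its body, presumably including the `error:` label, continues below it, so the remaining error paths cannot be checked from here.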