Fix leaks in kex fuzzers

author: Matt Johnston <matt@ucc.asn.au> 2018-03-09 23:16:37 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2018-03-09 23:16:37 +0800
commit: d740dc548924f2faf0934e5f9a4b83d2b5d6902d (patch)
tree: 4928f4dbdf092326ba66f008c4ebdb6011064ae4
parent: 76933e6c0ab5a72443d1a900d2fb734ec126f97e (diff)
2 files changed, 10 insertions, 2 deletions
diff --git a/fuzzer-kexdh.c b/fuzzer-kexdh.c
index f7abea2..224ff58 100644
--- a/fuzzer-kexdh.c
+++ b/fuzzer-kexdh.c
@@ -57,10 +57,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
 		kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey);
 
-		/* kexhashbuf is freed in kexdh_comb_key */
+		mp_clear(ses.dh_K);
 		m_free(ses.dh_K);
 		mp_clear(&dh_e);
 
+		buf_free(ses.hash);
+		buf_free(ses.session_id);
+		/* kexhashbuf is freed in kexdh_comb_key */
+
 		m_malloc_free_epoch(1, 0);
 	} else {
 		m_malloc_free_epoch(1, 1);
diff --git a/fuzzer-kexecdh.c b/fuzzer-kexecdh.c
index 693aecb..c3a450a 100644
--- a/fuzzer-kexecdh.c
+++ b/fuzzer-kexecdh.c
@@ -63,10 +63,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
 		kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
 
-		/* kexhashbuf is freed in kexdh_comb_key */
+		mp_clear(ses.dh_K);
 		m_free(ses.dh_K);
 		buf_free(ecdh_qs);
 
+		buf_free(ses.hash);
+		buf_free(ses.session_id);
+		/* kexhashbuf is freed in kexdh_comb_key */
+
 		m_malloc_free_epoch(1, 0);
 	} else {
 		m_malloc_free_epoch(1, 1);
author	Matt Johnston <matt@ucc.asn.au>	2018-03-09 23:16:37 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2018-03-09 23:16:37 +0800
commit	d740dc548924f2faf0934e5f9a4b83d2b5d6902d (patch)
tree	4928f4dbdf092326ba66f008c4ebdb6011064ae4
parent	76933e6c0ab5a72443d1a900d2fb734ec126f97e (diff)