summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fuzzer-kexdh.c6
-rw-r--r--fuzzer-kexecdh.c6
2 files changed, 10 insertions, 2 deletions
diff --git a/fuzzer-kexdh.c b/fuzzer-kexdh.c
index f7abea2..224ff58 100644
--- a/fuzzer-kexdh.c
+++ b/fuzzer-kexdh.c
@@ -57,10 +57,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey);
- /* kexhashbuf is freed in kexdh_comb_key */
+ mp_clear(ses.dh_K);
m_free(ses.dh_K);
mp_clear(&dh_e);
+ buf_free(ses.hash);
+ buf_free(ses.session_id);
+ /* kexhashbuf is freed in kexdh_comb_key */
+
m_malloc_free_epoch(1, 0);
} else {
m_malloc_free_epoch(1, 1);
diff --git a/fuzzer-kexecdh.c b/fuzzer-kexecdh.c
index 693aecb..c3a450a 100644
--- a/fuzzer-kexecdh.c
+++ b/fuzzer-kexecdh.c
@@ -63,10 +63,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
- /* kexhashbuf is freed in kexdh_comb_key */
+ mp_clear(ses.dh_K);
m_free(ses.dh_K);
buf_free(ecdh_qs);
+ buf_free(ses.hash);
+ buf_free(ses.session_id);
+ /* kexhashbuf is freed in kexdh_comb_key */
+
m_malloc_free_epoch(1, 0);
} else {
m_malloc_free_epoch(1, 1);
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-18 06:41:56 +0000