From 4cb673b6440091fe0568918e22f3f2ca0d94bef2 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Fri, 7 Jul 2006 09:17:18 +0000
Subject: Fixes from Erik Hovland:

cli-authpubkey.c:
    fix leak of keybuf

cli-kex.c:
    fix leak of fingerprint fp

cli-service.c:
    remove commented out code

dropbearkey.c:
    don't attepmt to free NULL key on failure

common-kex.c:
    only free key if it is initialised

keyimport.c:
    remove dead encrypted-key code
    don't leak a FILE* loading OpenSSH keys

rsa.c, dss.c:
    check return values for some libtommath functions

svr-kex.c:
    check return value retrieving DH kex mpint

svr-tcpfwd.c:
    fix null-dereference if remote tcp forward request fails

tcp-accept.c:
    don't incorrectly free the tcpinfo var

--HG--
extra : convert_revision : 640a55bc710cbaa6d212453c750026c770e19193
---
 cli-authpubkey.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'cli-authpubkey.c')

diff --git a/cli-authpubkey.c b/cli-authpubkey.c
index 9d36bc3..8a8fb42 100644
--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
@@ -112,6 +112,7 @@ void recv_msg_userauth_pk_ok() {
 		/* Success */
 		break;
 	}
+	buf_free(keybuf);
 
 	if (keyitem != NULL) {
 		TRACE(("matching key"))
-- 
cgit v1.2.3


From d4bc0aec5d55a3df5fbb6f5a872d44c882ee71de Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sat, 3 Feb 2007 13:31:01 +0000
Subject: Fix leak of keybuf in recv_msg_userauth_pk_ok, courtesy of Klocwork

--HG--
extra : convert_revision : 9c39c3f447a47f61606df5d4bee364a449f12e18
---
 cli-authpubkey.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'cli-authpubkey.c')

diff --git a/cli-authpubkey.c b/cli-authpubkey.c
index 9d36bc3..7ef25b4 100644
--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
@@ -60,8 +60,8 @@ void cli_pubkeyfail() {
 
 void recv_msg_userauth_pk_ok() {
 
-	struct SignKeyList *keyitem;
-	buffer* keybuf;
+	struct SignKeyList *keyitem = NULL;
+	buffer* keybuf = NULL;
 	char* algotype = NULL;
 	unsigned int algolen;
 	int keytype;
@@ -121,6 +121,8 @@ void recv_msg_userauth_pk_ok() {
 	} else {
 		TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part"))
 	}
+	
+	buf_free(keybuf);
 
 	TRACE(("leave recv_msg_userauth_pk_ok"))
 }
-- 
cgit v1.2.3


From 433d5511e1b7c853ff68c65e7d515bc36a16991a Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sun, 11 Feb 2007 10:46:44 +0000
Subject: Remove double-free due to the same "fix" for a leak getting merged in
 twice.

--HG--
extra : convert_revision : eac2a177021cfa0cbf365d5821fe6c8a0a5dc758
---
 cli-authpubkey.c | 2 --
 1 file changed, 2 deletions(-)

(limited to 'cli-authpubkey.c')

diff --git a/cli-authpubkey.c b/cli-authpubkey.c
index 4798f62..c16ef90 100644
--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
@@ -123,8 +123,6 @@ void recv_msg_userauth_pk_ok() {
 		TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part"))
 	}
 	
-	buf_free(keybuf);
-
 	TRACE(("leave recv_msg_userauth_pk_ok"))
 }
 
-- 
cgit v1.2.3