if (i < 0) {
freebn(reqkey.exponent);
freebn(reqkey.modulus);
+ freebn(challenge);
fail_reason = "request truncated before challenge";
goto failure;
}
if (keylist) {
if (keylistlen < 4) {
*retstr = dupstr("Received broken key list from agent");
+ sfree(keylist);
+ sfree(blob);
return PAGEANT_ACTION_FAILURE;
}
nkeys = toint(GET_32BIT(keylist));
if (nkeys < 0) {
*retstr = dupstr("Received broken key list from agent");
+ sfree(keylist);
+ sfree(blob);
return PAGEANT_ACTION_FAILURE;
}
p = keylist + 4;
int n = rsa_public_blob_len(p, keylistlen);
if (n < 0) {
*retstr = dupstr("Received broken key list from agent");
+ sfree(keylist);
+ sfree(blob);
return PAGEANT_ACTION_FAILURE;
}
p += n;
int n;
if (keylistlen < 4) {
*retstr = dupstr("Received broken key list from agent");
+ sfree(keylist);
+ sfree(blob);
return PAGEANT_ACTION_FAILURE;
}
- n = toint(4 + GET_32BIT(p));
- if (n < 0 || keylistlen < n) {
+ n = GET_32BIT(p);
+ p += 4;
+ keylistlen -= 4;
+
+ if (n < 0 || n > keylistlen) {
*retstr = dupstr("Received broken key list from agent");
+ sfree(keylist);
+ sfree(blob);
return PAGEANT_ACTION_FAILURE;
}
p += n;
int n;
if (keylistlen < 4) {
*retstr = dupstr("Received broken key list from agent");
+ sfree(keylist);
+ sfree(blob);
return PAGEANT_ACTION_FAILURE;
}
- n = toint(4 + GET_32BIT(p));
- if (n < 0 || keylistlen < n) {
+ n = GET_32BIT(p);
+ p += 4;
+ keylistlen -= 4;
+
+ if (n < 0 || n > keylistlen) {
*retstr = dupstr("Received broken key list from agent");
+ sfree(keylist);
+ sfree(blob);
return PAGEANT_ACTION_FAILURE;
}
p += n;
* Run out of passphrases to try.
*/
*retstr = comment;
+ sfree(rkey);
return PAGEANT_ACTION_NEED_PP;
}
} else
* a bad passphrase.
*/
*retstr = dupstr(error);
+ sfree(rkey);
return PAGEANT_ACTION_FAILURE;
} else if (ret == 1) {
/*
if (resplen < 5 || response[4] != SSH_AGENT_SUCCESS) {
*retstr = dupstr("The already running Pageant "
"refused to add the key.");
+ freersakey(rkey);
+ sfree(rkey);
+ sfree(request);
+ sfree(response);
return PAGEANT_ACTION_FAILURE;
}
+ freersakey(rkey);
+ sfree(rkey);
sfree(request);
sfree(response);
} else {
if (!pageant_add_ssh1_key(rkey)) {
+ freersakey(rkey);
sfree(rkey); /* already present, don't waste RAM */
}
}
if (resplen < 5 || response[4] != SSH_AGENT_SUCCESS) {
*retstr = dupstr("The already running Pageant "
"refused to add the key.");
+ sfree(request);
+ sfree(response);
return PAGEANT_ACTION_FAILURE;
}