From 63b47ed9d504b37ac2e903715ae7bf40036473a1 Mon Sep 17 00:00:00 2001
From: Ben Harris <bjh21@bjh21.me.uk>
Date: Sat, 10 Oct 2015 00:20:51 +0100
Subject: [PATCH] Another ecdsa_newkey crash: initialise ec->privateKey
 earlier.

This one might be exploitable, since without the fix, ecdsa_freekey()
tries to wipe the bignum pointed to by an uninitialised pointer.

Bug found with the help of afl-fuzz.
---
 sshecc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sshecc.c b/sshecc.c
index 9f188df8..bc842d0b 100644
--- a/sshecc.c
+++ b/sshecc.c
@@ -1782,11 +1782,11 @@ static void *ecdsa_newkey(const struct ssh_signkey *self,
     ec->publicKey.x = NULL;
     ec->publicKey.y = NULL;
     ec->publicKey.z = NULL;
+    ec->privateKey = NULL;
     if (!getmppoint(&data, &len, &ec->publicKey)) {
         ecdsa_freekey(ec);
         return NULL;
     }
-    ec->privateKey = NULL;
 
     if (!ec->publicKey.x || !ec->publicKey.y ||
         bignum_cmp(ec->publicKey.x, curve->p) >= 0 ||
-- 
2.45.2