$NetBSD: patch-CVE-2013-4208,v 1.1.2.2 2013/08/21 21:59:57 tron Exp $

http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9988

--- src/putty/sshdss.c.orig	2013-08-06 09:08:32.000000000 +0000
+++ src/putty/sshdss.c
@@ -251,8 +251,13 @@ static int dss_verifysig(void *key, char
     }
     r = get160(&sig, &siglen);
     s = get160(&sig, &siglen);
-    if (!r || !s)
+    if (!r || !s) {
+        if (r)
+            freebn(r);
+        if (s)
+            freebn(s);
 	return 0;
+    }
 
     /*
      * Step 1. w <- s^-1 mod q.
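Review bot: The new cleanup block under `if (!r || !s) {` has no comment saying why a half-parsed signature needs releasing, and the same obligation applies to every later exit of dss_verifysig, which continues outside this hunk and cannot be checked from here. I would add `/* one of r/s may have parsed; release it so the bignum is not leaked on the malformed-signature path */` above the two inner `if` lines. Whether freebn() tolerates NULL is not visible here; if it does the guards can go, otherwise they should stay as written. Also not visible is a range check of r and s against q before the inversion named in the Step 1 comment; DSA verification requires 0 < r, s < q, so confirm that check exists further down or in a companion patch. The unchanged `return 0;` keeps its tab while the added lines are indented with spaces.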
@@ -601,6 +606,7 @@ static unsigned char *dss_sign(void *key
     s = modmul(kinv, hxr, dss->q);     /* s = k^-1 * (hash + x*r) mod q */
     freebn(hxr);
     freebn(kinv);
+    freebn(k);
     freebn(hash);
 
     /*
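Review bot: `freebn(k);` only protects the signing nonce if freebn() clears the bignum's storage before releasing it, and freebn's definition is not part of this patch, so that should be confirmed. k is the per-signature secret: disclosure of k for a single signature is enough to derive the private exponent x from the public (r, s), which makes it as sensitive as the key itself. A short comment on the line would record that, e.g. `freebn(k); /* per-signature secret; must not outlive the signature */`. dss_sign starts and ends outside the hunk, so its other temporaries and exit paths cannot be checked from here.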