28 lines
1,015 B
Diff
28 lines
1,015 B
Diff
From 8e21b1a05f3c0ee098dbcb6c3d84cb61f102a122 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Stenberg <daniel@haxx.se>
|
|
Date: Mon, 8 May 2023 14:33:54 +0200
|
|
Subject: [PATCH] libssh2: free fingerprint better
|
|
|
|
Reported-by: Wei Chong Tan
|
|
Closes #11088
|
|
---
|
|
lib/vssh/libssh2.c | 3 +--
|
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
|
|
|
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
|
|
index bfcc94e160178..dd39a844c646b 100644
|
|
--- a/lib/vssh/libssh2.c
|
|
+++ b/lib/vssh/libssh2.c
|
|
@@ -728,11 +728,10 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data)
|
|
*/
|
|
if((pub_pos != b64_pos) ||
|
|
strncmp(fingerprint_b64, pubkey_sha256, pub_pos)) {
|
|
- free(fingerprint_b64);
|
|
-
|
|
failf(data,
|
|
"Denied establishing ssh session: mismatch sha256 fingerprint. "
|
|
"Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256);
|
|
+ free(fingerprint_b64);
|
|
state(data, SSH_SESSION_FREE);
|
|
sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
|
|
return sshc->actualcode;
|