dropbear: avoid leak of ecdh public key

author Konstantin Demin <rockdrilla@gmail.com>

Tue, 16 Oct 2018 13:31:38 +0000 (16:31 +0300)

committer Hans Dedecker <dedeckeh@gmail.com>

Thu, 8 Nov 2018 10:07:05 +0000 (11:07 +0100)
author Konstantin Demin <rockdrilla@gmail.com>
Tue, 16 Oct 2018 13:31:38 +0000 (16:31 +0300)
committer Hans Dedecker <dedeckeh@gmail.com>
Thu, 8 Nov 2018 10:07:05 +0000 (11:07 +0100)
diff --git a/package/network/services/dropbear/patches/007-avoid-leak-of-ecdh-public-key.patch b/package/network/services/dropbear/patches/007-avoid-leak-of-ecdh-public-key.patch

new file mode 100644 (file)

index 0000000..861420b
--- /dev/null
+++ b/package/network/services/dropbear/patches/007-avoid-leak-of-ecdh-public-key.patch
@@ -0,0 +1,12 @@
+--- a/common-kex.c
++++ b/common-kex.c
+@@ -687,6 +687,9 @@ void kexecdh_comb_key(struct kex_ecdh_pa
+       /* K, the shared secret */
+       buf_putmpint(ses.kexhashbuf, ses.dh_K);
+ 
++      ecc_free(Q_them);
++      m_free(Q_them);
++
+       /* calculate the hash H to sign */
+       finish_kexhashbuf();
+ }
author	Konstantin Demin <rockdrilla@gmail.com>
	Tue, 16 Oct 2018 13:31:38 +0000 (16:31 +0300)
committer	Hans Dedecker <dedeckeh@gmail.com>
	Thu, 8 Nov 2018 10:07:05 +0000 (11:07 +0100)