From c8c32ffcbe08f6c408e970f5a8e13d3f7791efa6 Mon Sep 17 00:00:00 2001
From: Pekka Riikonen <priikone@silcnet.org>
Date: Wed, 11 Dec 2002 09:03:04 +0000
Subject: [PATCH] 	Fixed double free in SKE library error handling.

---
 CHANGES               | 5 +++++
 lib/silcske/silcske.c | 8 ++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index fb53fc93..b7660c4d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+Wed Dec 11 10:01:26 CET 2002 Pekka Riikonen <priikone@silcnet.org>
+
+	* Fixed double free in SKE library error hadling when signature
+	  error occurred.  Affected file lib/silcske/silcske.c.
+
 Tue Dec 10 21:47:56 EET 2002  Pekka Riikonen <priikone@silcnet.org>
 
 	* Fixed double free in invite list adding code when adding
diff --git a/lib/silcske/silcske.c b/lib/silcske/silcske.c
index 4fd34f78..9388324c 100644
--- a/lib/silcske/silcske.c
+++ b/lib/silcske/silcske.c
@@ -389,6 +389,7 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
       silc_free(x);
       silc_mp_uninit(&payload->x);
       silc_free(payload);
+      ske->ke1_payload = NULL;
       ske->status = SILC_SKE_STATUS_OK;
       return ske->status;
     }
@@ -398,7 +399,7 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
 
   /* Compute signature data if we are doing mutual authentication */
   if (private_key && ske->start_payload->flags & SILC_SKE_SP_FLAG_MUTUAL) {
-    unsigned char hash[32], sign[2048];
+    unsigned char hash[32], sign[2048 + 1];
     SilcUInt32 hash_len, sign_len;
 
     SILC_LOG_DEBUG(("We are doing mutual authentication"));
@@ -420,6 +421,7 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
       silc_mp_uninit(&payload->x);
       silc_free(payload->pk_data);
       silc_free(payload);
+      ske->ke1_payload = NULL;
       ske->status = SILC_SKE_STATUS_SIGNATURE_ERROR;
       return ske->status;
     }
@@ -435,7 +437,9 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
     silc_free(x);
     silc_mp_uninit(&payload->x);
     silc_free(payload->pk_data);
+    silc_free(payload->sign_data);
     silc_free(payload);
+    ske->ke1_payload = NULL;
     ske->status = status;
     return status;
   }
@@ -1016,7 +1020,7 @@ SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
   SilcSKEStatus status = SILC_SKE_STATUS_OK;
   SilcBuffer payload_buf;
   SilcMPInt *KEY;
-  unsigned char hash[32], sign[2048], *pk;
+  unsigned char hash[32], sign[2048 + 1], *pk;
   SilcUInt32 hash_len, sign_len, pk_len;
 
   SILC_LOG_DEBUG(("Start"));
-- 
2.43.0