From 6bd2b93f43dacceaf060d1aeb89749eba7df2cbb Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Mon, 2 Mar 2020 11:36:18 +0100
Subject: auth: Fix memory leak in ssh_userauth_publickey_auto()

When a key is rejected, free the allocated memory before returning.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/auth.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src')

diff --git a/src/auth.c b/src/auth.c
index ac6c9b14..89272290 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -1132,7 +1132,9 @@ int ssh_userauth_publickey_auto(ssh_session session,
                         "Public key authentication error for %s",
                         privkey_file);
                 ssh_key_free(state->privkey);
+                state->privkey = NULL;
                 ssh_key_free(state->pubkey);
+                state->pubkey = NULL;
                 SAFE_FREE(session->auth.auto_state);
                 return rc;
             } else if (rc == SSH_AUTH_AGAIN) {
@@ -1198,6 +1200,9 @@ int ssh_userauth_publickey_auto(ssh_session session,
                 return rc;
             }
 
+            ssh_key_free(state->privkey);
+            ssh_key_free(state->pubkey);
+
             SSH_LOG(SSH_LOG_WARN,
                     "The server accepted the public key but refused the signature");
             state->it = state->it->next;
-- 
cgit v1.2.3