From 90373d8394e07f014931e2f5deb5a80a46b30ebc Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 19 Sep 2018 10:11:07 +0200
Subject: [PATCH] buffer: Do cleanup if ssh_buffer_unpack() fails in the first
 loop

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/buffer.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/buffer.c b/src/buffer.c
index 952065f8..7669e24a 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -1109,7 +1109,8 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
         /* Invalid number of arguments passed */
         if (argc != -1 && count > argc) {
             va_end(ap_copy);
-            return SSH_ERROR;
+            rc = SSH_ERROR;
+            goto cleanup;
         }
 
         switch (*p) {
@@ -1221,6 +1222,7 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
         rc = SSH_ERROR;
     }
 
+cleanup:
     if (rc != SSH_ERROR){
         /* Check if our canary is intact, if not something really bad happened */
         uint32_t canary = va_arg(ap, uint32_t);