From ae809b3cbbfde6010cb6cb5e84660af128a8b16a Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Fri, 15 Jan 2021 19:23:53 +0100
Subject: [PATCH] dh-gex: Avoid memory leaks

Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29611

Signed-off-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 src/dh-gex.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/dh-gex.c b/src/dh-gex.c
index 9bf0546a..88a97140 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -263,6 +263,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
 bignum_safe_free(server_pubkey);
 goto error;
 }
+ /* The ownership was passed to the crypto structure */
+ server_pubkey = NULL;

 rc = ssh_dh_import_next_pubkey_blob(session, pubkey_blob);
 SSH_STRING_FREE(pubkey_blob);
@@ -293,6 +295,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)

 return SSH_PACKET_USED;
 error:
+ SSH_STRING_FREE(pubkey_blob);
 ssh_dh_cleanup(session->next_crypto);
 session->session_state = SSH_SESSION_STATE_ERROR;
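Review bot: The `error:` label shown in the second hunk releases `pubkey_blob` but not `server_pubkey`, so cleanup of the bignum still depends on each failing branch freeing it locally, as the branch just above the added lines does. Now that the pointer is cleared after the hand-off, releasing it centrally is safe on every path, and I would add `bignum_safe_free(server_pubkey);` under `error:` (assuming the macro tolerates NULL and resets its argument, as its use here suggests). That would also cover any earlier `goto error` taken after the server-supplied value was parsed but before this call; the function starts outside the hunk, so whether such a path exists cannot be confirmed from here.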
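Review bot: The new `SSH_STRING_FREE(pubkey_blob);` under `error:` is reachable after the first hunk's context has already run `SSH_STRING_FREE(pubkey_blob)` on the normal path, so it is only safe if the macro resets the pointer to NULL and if `pubkey_blob` is initialised to NULL at its declaration. Neither is visible in this hunk, and the declaration lies outside it. Since this handler parses server-controlled packet data, a double free here would be worse than the leak being fixed, so the invariant deserves a comment such as `/* pubkey_blob is NULL here if it was already released above */`. Please also confirm the declaration reads `ssh_string pubkey_blob = NULL;`.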