From bb4e6ad1ee0fb0cda83edc28641b85e57f9007f3 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 6 Mar 2023 12:30:17 +0100
Subject: [PATCH] gssapi: Release output_token on error path (GHSL-2023-041)

Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/gssapi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/gssapi.c b/src/gssapi.c
index 0a1993b8..ce1c68aa 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -434,6 +434,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
                              "Gssapi error",
                              maj_stat,
                              min_stat);
+        gss_release_buffer(&min_stat, &output_token);
         ssh_auth_reply_default(session,0);
         ssh_gssapi_free(session);
         session->gssapi=NULL;
@@ -451,6 +452,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
                         (size_t)output_token.length, output_token.value);
         ssh_packet_send(session);
     }
+
+    gss_release_buffer(&min_stat, &output_token);
+
     if(maj_stat == GSS_S_COMPLETE){
         session->gssapi->state = SSH_GSSAPI_STATE_RCV_MIC;
     }