gssapi: Release output_token on error path (GHSL-2023-041)

Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-12-05 01:02:39 +03:00 · 2023-03-06 12:30:17 +01:00
parent 19ec009b7d
commit bb4e6ad1ee
1 changed files with 4 additions and 0 deletions
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -434,6 +434,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
                             "Gssapi error",
                             maj_stat,
                             min_stat);
+        gss_release_buffer(&min_stat, &output_token);
        ssh_auth_reply_default(session,0);
        ssh_gssapi_free(session);
        session->gssapi=NULL;
@@ -451,6 +452,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
                        (size_t)output_token.length, output_token.value);
        ssh_packet_send(session);
    }
+
+    gss_release_buffer(&min_stat, &output_token);
+
    if(maj_stat == GSS_S_COMPLETE){
        session->gssapi->state = SSH_GSSAPI_STATE_RCV_MIC;
    }