From ccc87f55932af2abe609822c8743247e2422cbf7 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 6 Mar 2023 12:27:15 +0100
Subject: [PATCH] gssapi: Free output token on exit path (GHSL-2023-039)

Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/gssapi.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/gssapi.c b/src/gssapi.c
index f6e79bd0..8f260a99 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -1031,6 +1031,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
         ssh_packet_send(session);
     }
 
+    gss_release_buffer(&min_stat, &output_token);
+
     if (maj_stat == GSS_S_COMPLETE) {
         ssh_gssapi_send_mic(session);
         session->auth.state = SSH_AUTH_STATE_GSSAPI_MIC_SENT;