From f73dac8eeda810a93ff0c9f1aa40c9618f160ad0 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 6 Mar 2023 12:23:09 +0100
Subject: [PATCH] gssapi: Avoid memory leaks of selected OID (GHSL-2023-036)

Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/gssapi.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/gssapi.c b/src/gssapi.c
index a31edd49..20a9abe0 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -730,7 +730,7 @@ end:
 int ssh_gssapi_auth_mic(ssh_session session)
 {
     size_t i;
-    gss_OID_set selected; /* oid selected for authentication */
+    gss_OID_set selected = GSS_C_NO_OID_SET; /* oid selected for authentication */
     ssh_string *oids = NULL;
     int rc;
     size_t n_oids = 0;
@@ -807,6 +807,8 @@ out:
         SSH_STRING_FREE(oids[i]);
     }
     free(oids);
+    gss_release_oid_set(&min_stat, &selected);
+
     if (rc != SSH_ERROR) {
         return SSH_AUTH_AGAIN;
     }