From ffed80f8c078122990a4eba2b275facd56dd43e0 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 6 Aug 2025 15:32:56 +0200
Subject: [PATCH] CVE-2025-8277: mbedtls: Avoid leaking ecdh keys
Signed-off-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 src/ecdh_mbedcrypto.c | 1 +
 src/wrapper.c | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c
index d31bfcc7..860543d6 100644
--- a/src/ecdh_mbedcrypto.c
+++ b/src/ecdh_mbedcrypto.c
@@ -116,6 +116,7 @@ int ssh_client_ecdh_init(ssh_session session)
 goto out;
 }
+ SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
 session->next_crypto->ecdh_client_pubkey = client_pubkey;
 client_pubkey = NULL;
diff --git a/src/wrapper.c b/src/wrapper.c
index 0589c7f9..cd665c5c 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -182,7 +182,10 @@ void crypto_free(struct ssh_crypto_struct *crypto)
 #endif /* OPENSSL_VERSION_NUMBER */
 #elif defined HAVE_GCRYPT_ECC
 gcry_sexp_release(crypto->ecdh_privkey);
-#endif
+#elif defined HAVE_LIBMBEDCRYPTO
+ mbedtls_ecp_keypair_free(crypto->ecdh_privkey);
+ SAFE_FREE(crypto->ecdh_privkey);
+#endif /* HAVE_LIBGCRYPT */
 crypto->ecdh_privkey = NULL;
 }
 #endif
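Review bot: Only the previous `ecdh_client_pubkey` is released before being overwritten in `ssh_client_ecdh_init`, while the commit subject speaks of ECDH keys in general. The function starts and ends outside this hunk, so it is not visible whether `next_crypto->ecdh_privkey` is also assigned afresh earlier in the body. If it is, that assignment needs the same release-before-overwrite, otherwise a repeated key-exchange init would still leak the old keypair until `crypto_free` runs. A short comment above the new line would also help, e.g. `/* release a key left over from an earlier init before overwriting it */`.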
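Review bot: The trailing comment on the new `#endif /* HAVE_LIBGCRYPT */` in `crypto_free` names a macro that neither visible branch tests (`HAVE_GCRYPT_ECC`, `HAVE_LIBMBEDCRYPTO`), which misleads anyone tracing which backend frees `ecdh_privkey`. The opening `#if` and the start and end of the function are outside the hunk, so the comment should either name that opening condition or be dropped, as on the line it replaces. The mbedTLS branch is also the only one that needs two calls, which deserves a one-line comment such as `/* keypair_free releases the key material; SAFE_FREE releases the struct itself */`. That comment makes it clear that neither call can be removed without reintroducing a leak.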