From b3465418471ffa4cf0bbe1e8f28c4d007f060f99 Mon Sep 17 00:00:00 2001
From: Will Cosgrove
Date: Tue, 10 Sep 2024 09:35:26 -0700
Subject: [PATCH] Prevent possible double free of hostkey (#1452)

NULL server hostkey based on fuzzer failure case.
---
 src/kex.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/kex.c b/src/kex.c
index 8beaefa1..4ca9c34c 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -469,8 +469,11 @@ static int diffie_hellman_sha_algo(LIBSSH2_SESSION *session,
 buf.dataptr = buf.data;
 buf.dataptr++; /* advance past type */
- if(session->server_hostkey)
+ if(session->server_hostkey) {
 LIBSSH2_FREE(session, session->server_hostkey);
+ session->server_hostkey = NULL;
+ session->server_hostkey_len = 0;
+ }
 if(_libssh2_copy_string(session, &buf, &(session->server_hostkey), &host_key_len)) {
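Review bot: The two reset lines added after `LIBSSH2_FREE` are the whole fix, but nothing in the new block says why they are needed, so a later cleanup could fold the branch back into a bare free. A comment above `session->server_hostkey = NULL;` would pin the intent, for example `/* clear now: if the copy below fails, session teardown must not free this pointer again */`. The code path that performs the second free is not visible in this hunk, so that wording is inferred from the commit message and should be checked against the session cleanup code. Any other place in src/kex.c that frees `session->server_hostkey` before reassigning it, if one exists outside this hunk, would want the same reset. diffie_hellman_sha_algo starts and ends outside the hunk.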