From 14beca57ac92d62830c42444c26ba861812dc837 Mon Sep 17 00:00:00 2001
From: "semarie@openbsd.org" <semarie@openbsd.org>
Date: Fri, 26 Jun 2020 11:26:01 +0000
Subject: upstream: backout 1.293 fix kex mem-leak in ssh_packet_close at
 markus

request

the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after
calling ssh_packet_clear_keys())

OpenBSD-Commit-ID: 9c9a6721411461b0b1c28dc00930d7251a798484
---
 packet.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'packet.c')

diff --git a/packet.c b/packet.c
index 4780356f2..9ffd9f59b 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.293 2020/06/24 15:12:09 markus Exp $ */
+/* $OpenBSD: packet.c,v 1.294 2020/06/26 11:26:01 semarie Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -616,8 +616,6 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
 		state->newkeys[mode] = NULL;
 		ssh_clear_newkeys(ssh, mode);		/* next keys */
 	}
-	kex_free(ssh->kex);
-	ssh->kex = NULL;
 #ifdef WITH_ZLIB
 	/* compression state is in shared mem, so we can only release it once */
 	if (do_close && state->compression_buffer) {
-- 
cgit v1.2.3