From 012c19c33a57bd821aa433b488deaf7f30e7bb44 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 21 Mar 2021 00:10:04 +0100 Subject: libssh2:ssh_connect: clear session pointer after free If libssh2_knownhost_init() returns NULL, like in an OOM situation, the ssh session was freed but the pointer wasn't cleared which made libcurl later call libssh2 to cleanup using the stale pointer. Fixes #6764 Closes #6766
---
lib/vssh/libssh2.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index 0e7c2eb98..891e945f7 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -3159,6 +3159,7 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done)
 sshc->kh = libssh2_knownhost_init(sshc->ssh_session);
 if(!sshc->kh) {
 libssh2_session_free(sshc->ssh_session);
+ sshc->ssh_session = NULL;
 return CURLE_FAILED_INIT;
 }
-- cgit v1.2.1
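Review bot: The added `sshc->ssh_session = NULL;` has no comment explaining why the pointer must be cleared on this error path, and the reason is a memory-safety invariant rather than tidiness. Per the commit message, later cleanup hands whatever `sshc->ssh_session` holds back to libssh2, so a freed but non-NULL pointer becomes a use of freed memory. I would put `/* clear it so the later cleanup does not pass the freed session to libssh2 */` directly above the assignment, so the line is not dropped in a future refactor. ssh_connect starts and ends outside the hunk, so whether its other early returns that free the session clear the pointer the same way cannot be checked from here.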