authordjm <djm>2012-02-10 21:16:28 +0000
committerdjm <djm>2012-02-10 21:16:28 +0000
commitba4f8b3d0c07dc77fb88340b51fbc1c2f652101b (patch)
treead0eb8498bf52bb0a687ba9c370cd1f7a07c97f3
parent868715803784c9d0fc7bf6c02b47e1661eed6f8d (diff)
downloadopenssh-ba4f8b3d0c07dc77fb88340b51fbc1c2f652101b.tar.gz
- djm@cvs.openbsd.org 2012/01/07 21:11:36
[mux.c] fix double-free in new session handler
-rw-r--r--ChangeLog3
-rw-r--r--mux.c6
2 files changed, 5 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 722be1b3..a5a1e927 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
- djm@cvs.openbsd.org 2012/01/05 00:16:56
[monitor.c]
memleak on error path
+ - djm@cvs.openbsd.org 2012/01/07 21:11:36
+ [mux.c]
+ fix double-free in new session handler
20120206
- (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
diff --git a/mux.c b/mux.c
index 0b7abda0..d90605eb 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.33 2011/12/04 23:16:12 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.34 2012/01/07 21:11:36 djm Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
*
@@ -341,10 +341,8 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
env_len = 0;
while (buffer_len(m) > 0) {
#define MUX_MAX_ENV_VARS 4096
- if ((cp = buffer_get_string_ret(m, &len)) == NULL) {
- xfree(cmd);
+ if ((cp = buffer_get_string_ret(m, &len)) == NULL)
goto malf;
- }
if (!env_permitted(cp)) {
xfree(cp);
continue;
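Review bot: The early exit on a failed `buffer_get_string_ret()` in the environment loop now relies entirely on the `malf` label to release `cmd`, and nothing at the `goto` says so; the label and its cleanup are outside this hunk, so that ownership is inferred from the commit message rather than visible here. A one-line comment at the jump, for example `/* cmd is freed at malf; do not free it here */`, would keep a later edit from reintroducing the double free. It would also be worth confirming that the other `goto malf` sites in `process_mux_new_session` (not shown) follow the same rule, and that the cleanup path frees each pointer exactly once. The function body begins and ends outside the hunk.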