From 4daeb67181054f2a377677fac919ee8f9ed3490e Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Tue, 24 Mar 2015 20:10:08 +0000 Subject: [PATCH] upstream commit don't leak 'setp' on error; noted by Nicholas Lemonias; ok djm@ --- packet.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/packet.c b/packet.c index 5e18de437..ec2cbd30e 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.209 2015/03/11 00:48:39 jsg Exp $ */ +/* $OpenBSD: packet.c,v 1.210 2015/03/24 20:10:08 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1279,10 +1279,8 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) * Since we are blocking, ensure that all written packets have * been sent. */ - if ((r = ssh_packet_write_wait(ssh)) != 0) { - free(setp); - return r; - } + if ((r = ssh_packet_write_wait(ssh)) != 0) + goto out; /* Stay in the loop until we have received a complete packet. */ for (;;) { @@ -1340,15 +1338,20 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) len = roaming_read(state->connection_in, buf, sizeof(buf), &cont); } while (len == 0 && cont); - if (len == 0) - return SSH_ERR_CONN_CLOSED; - if (len < 0) - return SSH_ERR_SYSTEM_ERROR; + if (len == 0) { + r = SSH_ERR_CONN_CLOSED; + goto out; + } + if (len < 0) { + r = SSH_ERR_SYSTEM_ERROR; + goto out; + } /* Append it to the buffer. */ if ((r = ssh_packet_process_incoming(ssh, buf, len)) != 0) - return r; + goto out; } + out: free(setp); return r; }