From 6236001ff4f9017c9f842d6548baba9760c95f5c Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 5 Oct 2012 14:39:51 +0200 Subject: CVE-2012-4559: Ensure that we don't free req twice. --- src/channels.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/channels.c b/src/channels.c index ad989d78..214485c9 100644 --- a/src/channels.c +++ b/src/channels.c @@ -1417,6 +1417,7 @@ static int channel_request(ssh_channel channel, const char *request, buffer_add_ssh_string(session->out_buffer, req) < 0 || buffer_add_u8(session->out_buffer, reply == 0 ? 0 : 1) < 0) { ssh_set_error_oom(session); + ssh_string_free(req); goto error; } ssh_string_free(req); @@ -1476,7 +1477,6 @@ static int channel_request(ssh_channel channel, const char *request, return rc; error: buffer_reinit(session->out_buffer); - ssh_string_free(req); leave_function(); return rc; -- cgit