From 68d04c8e47b7b4c4c6faadcf8ff2c7a3d2a936c6 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 5 Oct 2012 14:38:29 +0200
Subject: CVE-2012-4559: Ensure that we don't free req twice.

---
 src/channels.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/channels.c b/src/channels.c
index a473380..1a0baf1 100644
--- a/src/channels.c
+++ b/src/channels.c
@@ -1525,6 +1525,7 @@ static int channel_request(ssh_channel channel, const char *request,
       buffer_add_ssh_string(session->out_buffer, req) < 0 ||
       buffer_add_u8(session->out_buffer, reply == 0 ? 0 : 1) < 0) {
     ssh_set_error_oom(session);
+    ssh_string_free(req);
     goto error;
   }
   ssh_string_free(req);
@@ -1584,7 +1585,6 @@ pending:
   return rc;
 error:
   buffer_reinit(session->out_buffer);
-  ssh_string_free(req);
 
   leave_function();
   return rc;
-- 
cgit