upstream: fix memleak when applying certificate options; ok

author djm@openbsd.org <djm@openbsd.org>

Mon, 15 Sep 2025 04:38:00 +0000 (04:38 +0000)

committer Damien Miller <djm@mindrot.org>

Mon, 15 Sep 2025 06:12:59 +0000 (16:12 +1000)
author djm@openbsd.org <djm@openbsd.org>
Mon, 15 Sep 2025 04:38:00 +0000 (04:38 +0000)
committer Damien Miller <djm@mindrot.org>
Mon, 15 Sep 2025 06:12:59 +0000 (16:12 +1000)
diff --git a/auth-options.c b/auth-options.c

index 785a239903379827363c13922ddc0af3db64be95..90be7b02d49da736214fbe5bc9b7a3ca1c5cc66d 100644 (file)
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.101 2023/07/14 07:44:21 dtucker Exp $ */
+/* $OpenBSD: auth-options.c,v 1.102 2025/09/15 04:38:00 djm Exp $ */
  /*
   * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
   *
@@ -155,6 +155,7 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
                                 if (addr_match_cidr_list(NULL, allowed) == -1) {
                                         error("Certificate source-address "
                                             "contents invalid");
+                                       free(allowed);
                                         goto out;
                                 }
                                 opts->required_from_host_cert = allowed;
author	djm@openbsd.org <djm@openbsd.org>
	Mon, 15 Sep 2025 04:38:00 +0000 (04:38 +0000)
committer	Damien Miller <djm@mindrot.org>
	Mon, 15 Sep 2025 06:12:59 +0000 (16:12 +1000)