From: djm@openbsd.org <djm@openbsd.org>
Date: Mon, 15 Sep 2025 04:38:00 +0000 (+0000)
Subject: upstream: fix memleak when applying certificate options; ok
X-Git-Tag: V_10_1_P1~81
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=efed5da4ced88170cf474246eff771dd16c7092f;p=thirdparty%2Fopenssh-portable.git

upstream: fix memleak when applying certificate options; ok

dtucker

OpenBSD-Commit-ID: 36c219dcc05f4df82a0f9c500bdf5dbfea925289
---

diff --git a/auth-options.c b/auth-options.c
index 785a23990..90be7b02d 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.101 2023/07/14 07:44:21 dtucker Exp $ */
+/* $OpenBSD: auth-options.c,v 1.102 2025/09/15 04:38:00 djm Exp $ */
 /*
  * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
  *
@@ -155,6 +155,7 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
 				if (addr_match_cidr_list(NULL, allowed) == -1) {
 					error("Certificate source-address "
 					    "contents invalid");
+					free(allowed);
 					goto out;
 				}
 				opts->required_from_host_cert = allowed;