upstream: backout 1.293 fix kex mem-leak in ssh_packet_close at markus

request

the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after
calling ssh_packet_clear_keys())

OpenBSD-Commit-ID: 9c9a6721411461b0b1c28dc00930d7251a798484

diff --git a/packet.c b/packet.c
index 4780356f2e2554d61f260b10c163dd9d2ec39814..9ffd9f59beabfc0afe89ffb27f85ff6cd79d8671 100644 (file)
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.293 2020/06/24 15:12:09 markus Exp $ */
+/* $OpenBSD: packet.c,v 1.294 2020/06/26 11:26:01 semarie Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -616,8 +616,6 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
                state->newkeys[mode] = NULL;
                ssh_clear_newkeys(ssh, mode);           /* next keys */
        }
-       kex_free(ssh->kex);
-       ssh->kex = NULL;
 #ifdef WITH_ZLIB
        /* compression state is in shared mem, so we can only release it once */
        if (do_close && state->compression_buffer) {