[PATCH] Potential leak of memory in ssh_packet_read_seqnr()

Albert S. mail at quitesimple.org
Sat Jan 7 22:44:03 AEDT 2017


Currently there is a case where ssh_packet_read_seqnr returns without
calling free(setp).

This patch ensures that free gets called before returning.

diff --git a/packet.c b/packet.c
index ad1f6b49..47a1b951 100644
--- a/packet.c
+++ b/packet.c
@@ -1447,8 +1447,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char
*typep, u_int32_t *seqnr_p)
 				break;
 			}
 		}
-		if (r == 0)
-			return SSH_ERR_CONN_TIMEOUT;
+		if (r == 0) {
+			r = SSH_ERR_CONN_TIMEOUT;
+			goto out;
+		}
 		/* Read data from the socket. */
 		len = read(state->connection_in, buf, sizeof(buf));
 		if (len == 0) {
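Review bot: In the new `if (r == 0)` branch, `goto out` depends on an `out:` label that is not visible in this hunk, so the fix cannot be confirmed from the diff alone. Please check that the label calls free(setp) and then returns r, so that SSH_ERR_CONN_TIMEOUT still reaches the caller unchanged. The commit message would also be clearer if it named the timeout path as the case that leaks, rather than saying "a case".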

