[openssh-commits] [openssh] 02/04: upstream: don't leak environment= variable when it is not the first

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 7d64a9fb587ba9592f027f7a2264226c713d6579
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sat Jul 24 01:55:19 2021 +0000

    upstream: don't leak environment= variable when it is not the first
    
    match
    
    OpenBSD-Commit-ID: 7fbdc3dfe0032deaf003fd937eeb4d434ee4efe0
---
 auth-options.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/auth-options.c b/auth-options.c
index aa5da78a..335f0323 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.96 2021/07/23 03:57:20 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.97 2021/07/24 01:55:19 djm Exp $ */
 /*
  * Copyright (c) 2018 Damien Miller <djm at mindrot.org>
  *
@@ -410,8 +410,10 @@ sshauthopt_parse(const char *opts, const char **errstrp)
 				errstr = "invalid environment string";
 				goto fail;
 			}
-			if ((cp = strdup(opt)) == NULL)
+			if ((cp = strdup(opt)) == NULL) {
+				free(opt);
 				goto alloc_fail;
+			}
 			l = (size_t)(tmp - opt);
 			cp[l] = '\0'; /* truncate at '=' */
 			if (!valid_env_name(cp)) {
@@ -440,7 +442,9 @@ sshauthopt_parse(const char *opts, const char **errstrp)
 					goto alloc_fail;
 				}
 				ret->env[ret->nenv++] = opt;
+				opt = NULL; /* transferred */
 			}
+			free(opt);
 		} else if (opt_match(&opts, "permitopen")) {
 			if (handle_permit(&opts, 0, &ret->permitopen,
 			    &ret->npermitopen, &errstr) != 0)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.