From 0d029e7038d074a064e2870ec35441403301d099 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 5 Oct 2012 10:51:43 +0200
Subject: [PATCH] misc: Don't leak memory on ssh_path_expand_escape() on error.

(cherry picked from commit 61d032fc03e0055c859931f466bc75fbdf36385a)
---
 src/misc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/misc.c b/src/misc.c
index a4c382b4..dd5298f8 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -760,11 +760,13 @@ char *ssh_path_expand_escape(ssh_session session, const char *s) {
             default:
                 ssh_set_error(session, SSH_FATAL,
                         "Wrong escape sequence detected");
+                free(r);
                 return NULL;
         }
 
         if (x == NULL) {
             ssh_set_error_oom(session);
+            free(r);
             return NULL;
         }
 
@@ -772,6 +774,8 @@ char *ssh_path_expand_escape(ssh_session session, const char *s) {
         if (i > MAX_BUF_SIZE) {
             ssh_set_error(session, SSH_FATAL,
                     "String too long");
+            free(x);
+            free(r);
             return NULL;
         }
         l = strlen(buf);