From 4c83d19c4865eb814689067152f5835323a8709c Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Mon, 2 Mar 2020 11:36:18 +0100
Subject: [PATCH] auth: Fix memory leak in ssh_userauth_publickey_auto()

When a key is rejected, free the allocated memory before returning.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6bd2b93f43dacceaf060d1aeb89749eba7df2cbb)
---
 src/auth.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/auth.c b/src/auth.c
index f2eeee0b..3a5f0efb 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -1116,7 +1116,9 @@ int ssh_userauth_publickey_auto(ssh_session session,
                         "Public key authentication error for %s",
                         privkey_file);
                 ssh_key_free(state->privkey);
+                state->privkey = NULL;
                 ssh_key_free(state->pubkey);
+                state->pubkey = NULL;
                 SAFE_FREE(session->auth.auto_state);
                 return rc;
             } else if (rc == SSH_AUTH_AGAIN) {
@@ -1182,6 +1184,9 @@ int ssh_userauth_publickey_auto(ssh_session session,
                 return rc;
             }
 
+            ssh_key_free(state->privkey);
+            ssh_key_free(state->pubkey);
+
             SSH_LOG(SSH_LOG_WARN,
                     "The server accepted the public key but refused the signature");
             state->it = state->it->next;