From cee5f9f69c9ac821887803cc64b1aa103aea7813 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 6 Mar 2023 12:30:17 +0100
Subject: [PATCH] gssapi: Release output_token on error path (GHSL-2023-041)

Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 src/gssapi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/gssapi.c b/src/gssapi.c
index eb642ec5..311551f4 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -426,6 +426,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
                              "Gssapi error",
                              maj_stat,
                              min_stat);
+        gss_release_buffer(&min_stat, &output_token);
         ssh_auth_reply_default(session,0);
         ssh_gssapi_free(session);
         session->gssapi=NULL;
@@ -443,6 +444,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
                         (size_t)output_token.length, output_token.value);
         ssh_packet_send(session);
     }
+
+    gss_release_buffer(&min_stat, &output_token);
+
     if(maj_stat == GSS_S_COMPLETE){
         session->gssapi->state = SSH_GSSAPI_STATE_RCV_MIC;
     }