Currently there is a case where ssh_packet_read_seqnr returns without calling free(setp). This patch ensures that free gets called before returning. diff --git a/packet.c b/packet.c index ad1f6b49..47a1b951 100644 --- a/packet.c +++ b/packet.c @@ -1447,8 +1447,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) break; } } - if (r == 0) - return SSH_ERR_CONN_TIMEOUT; + if (r == 0) { + r = SSH_ERR_CONN_TIMEOUT; + goto out; + } /* Read data from the socket. */ len = read(state->connection_in, buf, sizeof(buf)); if (len == 0) { _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev