From 2ec0342ed4f1fcf4d7b140f9d91bc97c8025221a Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sat, 11 Feb 2012 08:16:28 +1100
Subject:    - djm@cvs.openbsd.org 2012/01/07 21:11:36      [mux.c]      fix
 double-free in new session handler

---
 ChangeLog | 3 +++
 mux.c     | 6 ++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 722be1b3..a5a1e927 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
    - djm@cvs.openbsd.org 2012/01/05 00:16:56
      [monitor.c]
      memleak on error path
+   - djm@cvs.openbsd.org 2012/01/07 21:11:36
+     [mux.c]
+     fix double-free in new session handler
 
 20120206
  - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
diff --git a/mux.c b/mux.c
index 0b7abda0..d90605eb 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.33 2011/12/04 23:16:12 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.34 2012/01/07 21:11:36 djm Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -341,10 +341,8 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
 	env_len = 0;
 	while (buffer_len(m) > 0) {
 #define MUX_MAX_ENV_VARS	4096
-		if ((cp = buffer_get_string_ret(m, &len)) == NULL) {
-			xfree(cmd);
+		if ((cp = buffer_get_string_ret(m, &len)) == NULL)
 			goto malf;
-		}
 		if (!env_permitted(cp)) {
 			xfree(cp);
 			continue;
-- 
cgit v1.2.3