# HG changeset patch
# User Matt Johnston <matt@ucc.asn.au>
# Date 1520345900 -28800
# Node ID 252b406d0e9add92160cd1e368a216eca72efa7a
# Parent  8f7b6f75aa584d1e2c89017779c36ec52d108741
avoid leak of pubkey_options

diff -r 8f7b6f75aa58 -r 252b406d0e9a fuzzer-pubkey.c
--- a/fuzzer-pubkey.c	Tue Mar 06 22:02:19 2018 +0800
+++ b/fuzzer-pubkey.c	Tue Mar 06 22:18:20 2018 +0800
@@ -30,10 +30,16 @@
 		if (have_algo(algoname, algolen, sshhostkey) == DROPBEAR_FAILURE) {
 			dropbear_exit("fuzzer imagined a bogus algorithm");
 		}
-		fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys",
+
+		int ret = fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys",
 			algoname, algolen,
 			keyblob->data, keyblob->len);
 
+		if (ret == DROPBEAR_SUCCESS) {
+			/* fuzz_checkpubkey_line() should have cleaned up for failure */
+			svr_pubkey_options_cleanup();
+		}
+
 		buf_free(line);
 		buf_free(keyblob);
 		m_free(algoname);
diff -r 8f7b6f75aa58 -r 252b406d0e9a svr-authpubkey.c
--- a/svr-authpubkey.c	Tue Mar 06 22:02:19 2018 +0800
+++ b/svr-authpubkey.c	Tue Mar 06 22:18:20 2018 +0800
@@ -167,6 +167,10 @@
 		sign_key_free(key);
 		key = NULL;
 	}
+	/* Retain pubkey options only if auth succeeded */
+	if (!ses.authstate.authdone) {
+		svr_pubkey_options_cleanup();
+	}
 	TRACE(("leave pubkeyauth"))
 }
 
diff -r 8f7b6f75aa58 -r 252b406d0e9a svr-authpubkeyoptions.c
--- a/svr-authpubkeyoptions.c	Tue Mar 06 22:02:19 2018 +0800
+++ b/svr-authpubkeyoptions.c	Tue Mar 06 22:18:20 2018 +0800
@@ -113,7 +113,6 @@
 			m_free(ses.authstate.pubkey_options->forced_command);
 		}
 		m_free(ses.authstate.pubkey_options);
-		ses.authstate.pubkey_options = NULL;
 	}
 }