From 4dcc0fddf773174132d579e26b41cbda547b2bb5 Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Sat, 20 Apr 2019 07:57:08 +0100
Subject: [PATCH] ssh2connection: clean up callbacks on exit.

We use a toplevel callback in the SSH-2 connection layer for checking
whether it's time to close the whole SSH session after a channel
closes. If the channel close itself, or something close enough to it,
involves a protocol error severe enough to abort the session and free
the connection layer, then that callback can fire anyway on stale
data.

The fix is the same as it always is in these situations: any object
which is ever used as the context parameter to queue_toplevel_callback
should also be passed to delete_callbacks_for_context before freeing it.
---
 ssh2connection.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssh2connection.c b/ssh2connection.c
index 925b5ec9..163cc5c9 100644
--- a/ssh2connection.c
+++ b/ssh2connection.c
@@ -310,6 +310,8 @@ static void ssh2_connection_free(PacketProtocolLayer *ppl)
     }
     portfwdmgr_free(s->portfwdmgr);
 
+    delete_callbacks_for_context(s);
+
     sfree(s);
 }