From 67881a129cb4f6a426f502bbe6f11cc3790d9962 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Sat, 15 Jun 2019 21:35:28 +0100
Subject: [PATCH] Add missing del234 in ssh_transient_hostkey_cache_add.

The idea was that if we found a host key already cached for the given algorithm, we should remove it from the tree and free it. In fact, I forgot the 'remove from tree' step, so we freed a key that was still linked from the tree234. Depending on luck and platform, this could either cause a segfault, or an assertion failure on the subsequent attempt to add the new key in place of the not-removed-after-all old one.
---
 ssh2transhk.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssh2transhk.c b/ssh2transhk.c
index 237fdee1..2e77fdf9 100644
--- a/ssh2transhk.c
+++ b/ssh2transhk.c
@@ -76,6 +76,7 @@ void ssh_transient_hostkey_cache_add(
 if ((ent = find234(thc->cache, (void *)ssh_key_alg(key), ssh_transient_hostkey_cache_find)) != NULL) {
+ del234(thc->cache, ent);
 strbuf_free(ent->pub_blob);
 sfree(ent);
 }
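Review bot: The result of the added `del234(thc->cache, ent)` call is discarded, so if the removal ever fails to locate `ent`, the `strbuf_free`/`sfree` that follow would once more free an entry the tree still links — the same dangling-pointer condition the commit message describes. The lookup above goes through `ssh_transient_hostkey_cache_find`, while `del234` presumably relies on the tree's own comparison function, which this hunk does not show, so their agreement is an assumption worth pinning down. Consider `void *removed = del234(thc->cache, ent); assert(removed == ent);` together with a short comment such as `/* unlink before freeing: the tree must never hold a pointer to freed memory */`. The body of ssh_transient_hostkey_cache_add starts before and continues after this hunk.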