From 7e515c411158d46b8f1c297d90a3d4bee3d8e45a Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Mon, 26 Aug 2013 11:55:56 +0000
Subject: [PATCH] Fix free of an uninitialised pointer. CHAN_AGENT channels need c->u.a.message to be either NULL or valid dynamically allocated memory, because it'll be freed by ssh_channel_destroy. This bug triggers if an agent forwarding channel is opened and closed without having sent any queries. [originally from svn r10032]
---
 ssh.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ssh.c b/ssh.c
index 02711a08..f0a70c9a 100644
--- a/ssh.c
+++ b/ssh.c
@@ -7488,6 +7488,7 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
 else {
 c->type = CHAN_AGENT; /* identify channel type */
 c->u.a.lensofar = 0;
+ c->u.a.message = NULL;
 c->u.a.outstanding_requests = 0;
 }
 } else {
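Review bot: The added `c->u.a.message = NULL;` depends on an invariant that is stated only in the commit message, so the next person to touch this branch has nothing in the code telling them the pointer is released at teardown. A trailing comment on that line would keep it visible, for example `c->u.a.message = NULL; /* must be NULL or heap-allocated: freed by ssh_channel_destroy */`. Because the fix initialises the field by hand at this one site, any other place that sets `c->type = CHAN_AGENT` (none is visible in this hunk) needs the same assignment, or it would presumably hit the same free of an uninitialised pointer when a peer opens and closes the channel without sending a query. The body of ssh2_msg_channel_open starts and ends outside the hunk, so how `c` is allocated cannot be checked from here.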