From 8c366766ae125fe1e8e10018589a58725b67968f Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Sun, 3 Mar 2019 06:55:12 +0000
Subject: [PATCH] ssh.c: add a missing delete_callbacks_for_context.

If an Ssh structure is destroyed while its IdempotentCallback
ssh->ic_out_raw is prnding, then the latter will stay on callback.c's
list pointing at the freed memory.
---
 ssh.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssh.c b/ssh.c
index dca0a728..849ddb7f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -900,6 +900,8 @@ static void ssh_free(Backend *be)
 	ssh_gss_cleanup(ssh->gss_state.libs);
 #endif
 
+    delete_callbacks_for_context(ssh); /* likely to catch ic_out_raw */
+
     need_random_unref = ssh->need_random_unref;
     sfree(ssh);