From c1a4eda9f6ec5301eeb83def1ecb453f659fa7d3 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Tue, 13 Sep 2022 20:53:03 +0100 Subject: [PATCH] GSSAPI kex: don't call dh_is_gex() on ECDH algorithms. dh_is_gex() expects to find a 'struct dh_extra' in the 'extra' field of the kex_alg you pass in, and won't look kindly on finding an instance of some totally different structure type. We were being careful about that everywhere in the GSSAPI kex code except for the final free step. --- ssh/kex2-client.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ssh/kex2-client.c b/ssh/kex2-client.c index b890c023..26159bb5 100644 --- a/ssh/kex2-client.c +++ b/ssh/kex2-client.c @@ -559,10 +559,10 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted) dh_cleanup(s->dh_ctx); s->dh_ctx = NULL; mp_free(s->f); s->f = NULL; - } - if (dh_is_gex(s->kex_alg)) { - mp_free(s->g); s->g = NULL; - mp_free(s->p); s->p = NULL; + if (dh_is_gex(s->kex_alg)) { + mp_free(s->g); s->g = NULL; + mp_free(s->p); s->p = NULL; + } } #endif } else {