From 0d772d9d11ceedd9432383019a75859813149673 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 9 Dec 2008 14:12:05 +1100
Subject:    - djm@cvs.openbsd.org 2008/12/09 02:58:16      [readconf.c]     
 don't leave junk (free'd) pointers around in Forward *fwd argument on     
 failure; avoids double-free in ~C -L handler when given an invalid     
 forwarding specification; bz#1539 report from adejong AT debian.org      via
 Colin Watson; ok markus@ dtucker@

---
 ChangeLog  |  8 +++++++-
 readconf.c | 10 +++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2ea6a05da..ab50a006a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,12 @@
      Deal correctly with failures in remote stat() operation in sftp,
      correcting fail-on-error behaviour in batchmode. bz#1541 report and
      fix from anedvedicky AT gmail.com; ok markus@
+   - djm@cvs.openbsd.org 2008/12/09 02:58:16
+     [readconf.c]
+     don't leave junk (free'd) pointers around in Forward *fwd argument on
+     failure; avoids double-free in ~C -L handler when given an invalid
+     forwarding specification; bz#1539 report from adejong AT debian.org
+     via Colin Watson; ok markus@ dtucker@
 
 20081208
  - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually
@@ -4979,5 +4985,5 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.5153 2008/12/09 03:11:49 djm Exp $
+$Id: ChangeLog,v 1.5154 2008/12/09 03:12:05 djm Exp $
 
diff --git a/readconf.c b/readconf.c
index d1ffd84a8..ab89e0c05 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.172 2008/11/04 19:18:00 stevesk Exp $ */
+/* $OpenBSD: readconf.c,v 1.173 2008/12/09 02:58:16 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1293,9 +1293,13 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd)
 	return (i);
 
  fail_free:
-	if (fwd->connect_host != NULL)
+	if (fwd->connect_host != NULL) {
 		xfree(fwd->connect_host);
-	if (fwd->listen_host != NULL)
+		fwd->connect_host = NULL;
+	}
+	if (fwd->listen_host != NULL) {
 		xfree(fwd->listen_host);
+		fwd->listen_host = NULL;
+	}
 	return (0);
 }
-- 
cgit v1.2.3