From ec0e6243660bf2df30c620a6a0d83eded376c9c6 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 13 Sep 2019 13:14:39 +1000
Subject: memleak of buffer in sshpam_query

coverity report via Ed Maste; ok dtucker@
---
 auth-pam.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'auth-pam.c')

diff --git a/auth-pam.c b/auth-pam.c
index 55253e6ab..d3f400bc3 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -851,6 +851,7 @@ sshpam_query(void *ctx, char **name, char **info,
 			plen += mlen;
 			**echo_on = (type == PAM_PROMPT_ECHO_ON);
 			free(msg);
+			sshbuf_free(buffer);
 			return (0);
 		case PAM_ERROR_MSG:
 		case PAM_TEXT_INFO:
@@ -879,6 +880,7 @@ sshpam_query(void *ctx, char **name, char **info,
 				**echo_on = 0;
 				ctxt->pam_done = -1;
 				free(msg);
+				sshbuf_free(buffer);
 				return 0;
 			}
 			/* FALLTHROUGH */
@@ -905,6 +907,7 @@ sshpam_query(void *ctx, char **name, char **info,
 				**echo_on = 0;
 				ctxt->pam_done = 1;
 				free(msg);
+				sshbuf_free(buffer);
 				return (0);
 			}
 			error("PAM: %s for %s%.100s from %.100s", msg,
@@ -916,9 +919,11 @@ sshpam_query(void *ctx, char **name, char **info,
 			**echo_on = 0;
 			free(msg);
 			ctxt->pam_done = -1;
+			sshbuf_free(buffer);
 			return (-1);
 		}
 	}
+	sshbuf_free(buffer);
 	return (-1);
 }
 
-- 
cgit v1.2.3