From 45b0eb752c94954a6de046bfaaf129e518ad4b5b Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 19 Aug 2015 23:18:26 +0000
Subject: upstream commit

fix free() of uninitialised pointer reported by Mateusz
 Kocielski; ok markus@

Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
---
 mux.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'mux.c')

diff --git a/mux.c b/mux.c
index cdc01bd4f..e6136fd28 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.53 2015/05/01 04:03:20 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.54 2015/08/19 23:18:26 djm Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -665,6 +665,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
 	u_int lport, cport;
 	int i, ret = 0, freefwd = 1;
 
+	memset(&fwd, 0, sizeof(fwd));
+
 	/* XXX - lport/cport check redundant */
 	if (buffer_get_int_ret(&ftype, m) != 0 ||
 	    (listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
@@ -832,6 +834,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
 	int i, ret = 0;
 	u_int lport, cport;
 
+	memset(&fwd, 0, sizeof(fwd));
+
 	if (buffer_get_int_ret(&ftype, m) != 0 ||
 	    (listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
 	    buffer_get_int_ret(&lport, m) != 0 ||
-- 
cgit v1.2.3