memleak of DH public bignum; found with libfuzzer

1 files changed, 2 insertions, 1 deletions

diff --git a/usr.bin/ssh/kexdh.c b/usr.bin/ssh/kexdh.c
index d613f76f3e4..c0958a011bb 100644
--- a/usr.bin/ssh/kexdh.c
+++ b/usr.bin/ssh/kexdh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdh.c,v 1.33 2020/05/08 05:13:14 djm Exp $ */
+/* $OpenBSD: kexdh.c,v 1.34 2020/12/04 02:29:25 djm Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl.  All rights reserved.
  *
@@ -187,6 +187,7 @@ kex_dh_dec(struct kex *kex, const struct sshbuf *dh_blob,
 	*shared_secretp = buf;
 	buf = NULL;
  out:
+	BN_free(dh_pub);
 	DH_free(kex->dh);
 	kex->dh = NULL;
 	sshbuf_free(buf);