From b3949e7e90c4b8f391e3083a45692d7a8c700db5 Mon Sep 17 00:00:00 2001 From: simon Date: Thu, 1 Jan 2004 16:42:48 +0000 Subject: [PATCH] Joe Yates's memory leak patch was overenthusiastically freeing things; it called freebn on the DH gex values even if DH gex had not taken place. Bug was trivially reproducible as a NULL-dereference segfault by making any SSH2 connection with DH gex disabled. Should now be fixed. git-svn-id: svn://svn.tartarus.org/sgt/putty@3678 cda61777-01e9-0310-a592-d414129be87e --- ssh.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ssh.c b/ssh.c index 1d887230..61786b10 100644 --- a/ssh.c +++ b/ssh.c @@ -4356,9 +4356,11 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) logeventf(ssh, "Initialised %s decompression", ssh->sccomp->text_name); freebn(s->f); - freebn(s->g); freebn(s->K); - freebn(s->p); + if (ssh->kex == &ssh_diffiehellman_gex) { + freebn(s->g); + freebn(s->p); + } /* * If this is the first key exchange phase, we must pass the -- 2.11.0
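Review bot: The new guard around `freebn(s->g)` and `freebn(s->p)` in do_ssh2_transport keys the cleanup on `ssh->kex == &ssh_diffiehellman_gex` instead of on whether the two values were actually allocated. It therefore stays correct only as long as the gex path is the sole place that sets s->g and s->p and ssh->kex has not changed between allocation and this point. The commit message describes the crash as a NULL dereference, which suggests the pointers are NULL when gex did not run. If so, testing the pointers themselves (for example `if (s->g) freebn(s->g);`) and assigning NULL after each free would tie the free to the allocation. That would also protect later runs of this code from freeing stale pointers, since the trailing comment's "first key exchange phase" implies the code can be reached more than once. The same NULL-after-free treatment is worth considering for s->f and s->K, which are still freed unconditionally here. A short comment above the `if` explaining that g and p exist only for DH gex would help the next reader.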