File libssh-CVE-2025-8277-ecdh-Free-previously-allocated-pubkeys.patch of Package libssh.40697
From c9d95ab0c7a52b231bcec09afbea71944ed0d852 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 6 Aug 2025 11:10:38 +0200
Subject: [PATCH 11/20] CVE-2025-8277: ecdh: Free previously allocated pubkeys
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Index: libssh-0.10.6/src/ecdh_crypto.c
===================================================================
--- libssh-0.10.6.orig/src/ecdh_crypto.c
+++ libssh-0.10.6/src/ecdh_crypto.c
@@ -220,6 +220,7 @@ int ssh_client_ecdh_init(ssh_session ses
   }
 
   session->next_crypto->ecdh_privkey = key;
+  ssh_string_free(session->next_crypto->ecdh_client_pubkey);
   session->next_crypto->ecdh_client_pubkey = client_pubkey;
 
   /* register the packet callbacks */
Index: libssh-0.10.6/src/ecdh_gcrypt.c
===================================================================
--- libssh-0.10.6.orig/src/ecdh_gcrypt.c
+++ libssh-0.10.6/src/ecdh_gcrypt.c
@@ -106,9 +106,10 @@ int ssh_client_ecdh_init(ssh_session ses
         gcry_sexp_release(session->next_crypto->ecdh_privkey);
         session->next_crypto->ecdh_privkey = NULL;
     }
-
     session->next_crypto->ecdh_privkey = key;
     key = NULL;
+
+    SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
     session->next_crypto->ecdh_client_pubkey = client_pubkey;
     client_pubkey = NULL;