Ticket #130 (closed defect)
Dangling pointer in file_read_publickey
Reported by: anonymous | Owned by: bagder
Memory for the public key in userauth.c:file_read_publickey() is allocated to (pubkey), then on line 548 the pointer is saved to (*method). In case of failure in libssh2_base64_decode(), the original pointer in (pubkey) is freed on line 562, leaving a dangling pointer in (*method). When the session is closed in session.c:session_free() on line 854, it will try to free the memory again, which may lead to a crash. Moving '*method = pubkey' after libssh2_base64_decode in file_read_publickey could fix this problem.
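
The ownership problem described in the ticket, modelled as an added example (this is not libssh2's code): the out-parameter is set either before or after the fallible decode step, and a teardown routine then frees whatever the caller still references. All names here (`toy_alloc`, `toy_free`, `decode_ok`, `read_key`, `teardown_double_frees`) are hypothetical, and a one-slot toy allocator stands in for the heap so the second free is counted instead of corrupting memory.

```c
#include <stddef.h>
#include <string.h>

/* Toy allocator (constructed for this example): one static slot that
 * records a double release instead of corrupting a real heap. */
static char slot[128];
static int slot_live, double_frees;

static char *toy_alloc(void) { slot_live = 1; return slot; }
static void toy_free(char *p)
{
    if (p == NULL) return;
    if (!slot_live) { double_frees++; return; }   /* second free of same buffer */
    slot_live = 0;
}

/* Stand-in for the fallible base64 decode: rejects non-base64 bytes. */
static int decode_ok(const char *s)
{
    static const char ok[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    return s[0] != '\0' && strspn(s, ok) == strlen(s);
}

/* fix_applied == 0: pointer is handed to the caller before the decode.
 * fix_applied == 1: pointer is handed over only after the decode succeeds. */
static int read_key(const char *b64, char **method, int fix_applied)
{
    char *pubkey = toy_alloc();
    strncpy(pubkey, b64, sizeof(slot) - 1);
    pubkey[sizeof(slot) - 1] = '\0';
    if (!fix_applied)
        *method = pubkey;          /* caller-visible too early */
    if (!decode_ok(pubkey)) {
        toy_free(pubkey);          /* error path releases the buffer */
        return -1;                 /* without the fix, *method still points at it */
    }
    *method = pubkey;              /* safe point to transfer ownership */
    return 0;
}

/* Models session teardown after a read attempt: frees what the session
 * still references and returns how many double frees that caused. */
static int teardown_double_frees(const char *b64, int fix_applied)
{
    char *method = NULL;
    double_frees = 0;
    (void)read_key(b64, &method, fix_applied);
    toy_free(method);
    return double_frees;
}
```
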