From 45690865693d6075b5d6937545cf15b5f6e73cae Mon Sep 17 00:00:00 2001
From: dtucker <dtucker@openbsd.org>
Date: Sun, 5 Mar 2023 08:18:58 +0000
Subject: [PATCH] Plug mem leak in moduli checkpoint option parsing. From
 Coverity CID 291894.

---
 usr.bin/ssh/ssh-keygen.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 8d5aa800e3c..58f1c5d26d2 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.463 2023/02/28 08:45:24 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.464 2023/03/05 08:18:58 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3030,6 +3030,7 @@ do_moduli_screen(const char *out_file, char **opts, size_t nopts)
 	    generator_wanted, checkpoint,
 	    start_lineno, lines_to_process) != 0)
 		fatal("modulus screening failed");
+	free(checkpoint);
 #else /* WITH_OPENSSL */
 	fatal("Moduli screening is not supported");
 #endif /* WITH_OPENSSL */
-- 
2.20.1