From a2913d8937672a42db79c4ea30497ad112c77585 Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Sat, 24 Jul 2021 01:55:19 +0000
Subject: [PATCH] don't leak environment= variable when it is not the first
 match

---
 usr.bin/ssh/auth-options.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/usr.bin/ssh/auth-options.c b/usr.bin/ssh/auth-options.c
index 75445737034..f63cbc19dcc 100644
--- a/usr.bin/ssh/auth-options.c
+++ b/usr.bin/ssh/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.96 2021/07/23 03:57:20 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.97 2021/07/24 01:55:19 djm Exp $ */
 /*
  * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
  *
@@ -407,8 +407,10 @@ sshauthopt_parse(const char *opts, const char **errstrp)
 				errstr = "invalid environment string";
 				goto fail;
 			}
-			if ((cp = strdup(opt)) == NULL)
+			if ((cp = strdup(opt)) == NULL) {
+				free(opt);
 				goto alloc_fail;
+			}
 			l = (size_t)(tmp - opt);
 			cp[l] = '\0'; /* truncate at '=' */
 			if (!valid_env_name(cp)) {
@@ -437,7 +439,9 @@ sshauthopt_parse(const char *opts, const char **errstrp)
 					goto alloc_fail;
 				}
 				ret->env[ret->nenv++] = opt;
+				opt = NULL; /* transferred */
 			}
+			free(opt);
 		} else if (opt_match(&opts, "permitopen")) {
 			if (handle_permit(&opts, 0, &ret->permitopen,
 			    &ret->npermitopen, &errstr) != 0)
-- 
2.20.1