> +     const BIGNUM *pub_key;
> +     if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
> +             goto out;
> +     DH_get0_key(kex->dh, &pub_key, NULL);
> +     if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
> +         (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
> +         (r = sshpkt_send(ssh)) != 0) {
>               goto out;
> +     }
> +     }
>       debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
>  #ifdef DEBUG_KEXDH
>       DHparams_print_fp(stderr, kex->dh);
> @@ -134,10 +140,12 @@ input_kex_dh_gex_group(int type, u_int32
>       ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, 
> &input_kex_dh_gex_reply);
>       r = 0;
>  out:
> -     if (p)
> +     if (r != 0) {
>               BN_clear_free(p);
> -     if (g)
>               BN_clear_free(g);
> +             DH_free(kex->dh);
> +             kex->dh = NULL;
> +     }
>       return r;

I think BN_clear_free will null-deref on this error path.
