From 6ddb730a27338983851248af59b128b995aad256 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 6 May 2025 22:43:31 +0200
Subject: CVE-2025-5351 pki_crypto: Avoid double-free on low-memory conditions

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=6ddb730a27338983851248af59b128b995aad256]
CVE: CVE-2025-5351
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 src/pki_crypto.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 5b0d7ded..aec49544 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -2023,6 +2023,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
             bignum_safe_free(bn);
             bignum_safe_free(be);
             OSSL_PARAM_free(params);
+            params = NULL;
 #endif /* OPENSSL_VERSION_NUMBER */
             break;
         }
@@ -2143,6 +2144,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
  */
 #if 0
                 OSSL_PARAM_free(params);
+                params = NULL;
 #endif /* OPENSSL_VERSION_NUMBER */
 
                 if (key->type == SSH_KEYTYPE_SK_ECDSA &&
-- 
2.49.0