From 266174a6d36687b65cf90174f06af90b8b27c65f Mon Sep 17 00:00:00 2001
From: Francesco Rollo
Date: Thu, 24 Jul 2025 16:30:07 +0300
Subject: [PATCH 1/3] CVE-2025-8277: Fix memory leak of unused ephemeral key pair after client's wrong KEX guess

Signed-off-by: Francesco Rollo
Reviewed-by: Andreas Schneider
(cherry picked from commit ccff22d3787c1355b3f0dcd09fe54d90acc55bf1)
CVE: CVE-2025-8277
Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=266174a6d36687b65cf90174f06af90b8b27c65f]
Signed-off-by: Rajeshkumar Ramasamy
---
 src/ecdh_gcrypt.c | 6 ++++++
 src/ecdh_mbedcrypto.c | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
index bc45adf7..b2e5390c 100644
--- a/src/ecdh_gcrypt.c
+++ b/src/ecdh_gcrypt.c
@@ -101,6 +101,12 @@ int ssh_client_ecdh_init(ssh_session session)
 goto out;
 }
 
+ /* Free any previously allocated privkey */
+ if (session->next_crypto->ecdh_privkey != NULL) {
+ gcry_sexp_release(session->next_crypto->ecdh_privkey);
+ session->next_crypto->ecdh_privkey = NULL;
+ }
+
 session->next_crypto->ecdh_privkey = key;
 key = NULL;
 session->next_crypto->ecdh_client_pubkey = client_pubkey;
diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c
index fa350028..f7b0301b 100644
--- a/src/ecdh_mbedcrypto.c
+++ b/src/ecdh_mbedcrypto.c
@@ -65,6 +65,12 @@ int ssh_client_ecdh_init(ssh_session session)
 return SSH_ERROR;
 }
 
+ /* Free any previously allocated privkey */
+ if (session->next_crypto->ecdh_privkey != NULL) {
+ mbedtls_ecp_keypair_free(session->next_crypto->ecdh_privkey);
+ SAFE_FREE(session->next_crypto->ecdh_privkey);
+ }
+
 session->next_crypto->ecdh_privkey = malloc(sizeof(mbedtls_ecp_keypair));
 if (session->next_crypto->ecdh_privkey == NULL) {
 return SSH_ERROR;
-- 
2.48.1
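Review bot: In the src/ecdh_gcrypt.c hunk, the context line right after the new block, `session->next_crypto->ecdh_client_pubkey = client_pubkey;`, still overwrites the stored public key without releasing a previous value, so a second pass through ssh_client_ecdh_init would leak that buffer the same way the private key leaked. If no later patch in this 3-part series covers it, release the old value before the assignment, e.g. `ssh_string_free(session->next_crypto->ecdh_client_pubkey);` (assuming the field is an ssh_string). Because the commit subject ties the leak to a client's wrong KEX guess, it is also worth confirming that the ssh_client_ecdh_init of any crypto backend outside this diffstat has no such overwrite. The function body starts and ends outside the hunk.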
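Review bot: In the src/ecdh_mbedcrypto.c hunk, the new comment `/* Free any previously allocated privkey */` does not say when a prior key can exist, which is the security-relevant part of this fix; the gcrypt hunk carries the same wording. Going by the commit subject, the earlier key pair is left over from a wrong KEX guess, so something like `/* A wrong KEX guess can leave a key pair from an earlier init; release it so it is not leaked */` would keep a later cleanup from dropping the block as redundant. The free-then-SAFE_FREE ordering looks right, since the struct's contents are released before the allocation itself and the pointer is reset before the malloc that follows. ssh_client_ecdh_init continues past the end of the hunk, so the later error paths are not visible here.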