From 8008b595d376062556bc3e86f6e0f2ef631d7cf5 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Tue, 24 Feb 2015 22:17:04 +0800
Subject: [PATCH] Some additional cleanup functions

---
 common-session.c | 15 ++++++++++++---
 svr-session.c    |  3 ++-
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/common-session.c b/common-session.c
index a225b216..971955af 100644
--- a/common-session.c
+++ b/common-session.c
@@ -260,13 +260,16 @@ void session_cleanup() {
 		return;
 	}
 
+	/* Beware of changing order of functions here. */
+
+	/* Must be before extra_session_cleanup() */
+	chancleanup();
+
 	if (ses.extra_session_cleanup) {
 		ses.extra_session_cleanup();
 	}
 
-	chancleanup();
-
-	/* Most dropbear functions are unsafe to run after this point */
+	/* After these are freed most functions will exit */
 #ifdef DROPBEAR_CLEANUP
 	/* listeners call cleanup functions, this should occur before
 	other session state is freed. */
@@ -289,6 +292,12 @@ void session_cleanup() {
 	cleanup_buf(&ses.payload);
 	cleanup_buf(&ses.readbuf);
 	cleanup_buf(&ses.writepayload);
+	cleanup_buf(&ses.kexhashbuf);
+	cleanup_buf(&ses.transkexinit);
+	if (ses.dh_K) {
+		mp_clear(ses.dh_K);
+	}
+	m_free(ses.dh_K);
 
 	m_burn(ses.keys, sizeof(struct key_context));
 	m_free(ses.keys);
diff --git a/svr-session.c b/svr-session.c
index 2b8a9560..8485905c 100644
--- a/svr-session.c
+++ b/svr-session.c
@@ -83,8 +83,9 @@ svr_session_cleanup(void) {
 	svr_pubkey_options_cleanup();
 
 	m_free(svr_ses.addrstring);
-	m_free(svr_ses.childpids);
 	m_free(svr_ses.remotehost);
+	m_free(svr_ses.childpids);
+	svr_ses.childpidsize = 0;
 }
 
 static void
-- 
GitLab