Don't reject _and_ accept X forwarding requests!

If a sharing downstream asks for an auth method we don't understand,
we should send them CHANNEL_FAILURE *and then stop processing*. Ahem.

(Spotted while examining this code in the course of Coverity-related
fixes, but not itself a Coverity-found problem.)

diff --git a/sshshare.c b/sshshare.c
index df64d6fe150492894a03934326c0bafddace930f..54d58a6624bfdb9b19b4d32afb37b2943e9e3751 100644 (file)
--- a/sshshare.c
+++ b/sshshare.c
@@ -1672,6 +1672,8 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs,
                     PUT_32BIT(recipient_id, chan->downstream_id);
                     send_packet_to_downstream(cs, SSH2_MSG_CHANNEL_FAILURE,
                                               recipient_id, 4, NULL);
+                    sfree(auth_data);
+                    break;
                 }
 
                 chan->x11_auth_proto = auth_proto;