From acb158e8277adad473ed32ea1640a3d0b70d733b Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 6 May 2025 22:43:31 +0200
Subject: CVE-2025-5351 pki_crypto: Avoid double-free on low-memory conditions

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/pki_crypto.c | 2 ++
 1 file changed, 2 insertions(+)

Index: libssh-0.10.6/src/pki_crypto.c
===================================================================
--- libssh-0.10.6.orig/src/pki_crypto.c
+++ libssh-0.10.6/src/pki_crypto.c
@@ -1962,6 +1962,7 @@ ssh_string pki_publickey_to_blob(const s
             bignum_safe_free(bg);
             bignum_safe_free(bpub_key);
             OSSL_PARAM_free(params);
+            params = NULL;
 #endif /* OPENSSL_VERSION_NUMBER */
 
             break;
@@ -2023,6 +2024,7 @@ ssh_string pki_publickey_to_blob(const s
             bignum_safe_free(bn);
             bignum_safe_free(be);
             OSSL_PARAM_free(params);
+            params = NULL;
 #endif /* OPENSSL_VERSION_NUMBER */
             break;
         }