From a1221e3b8515771f147f964224808b204505aae1 Mon Sep 17 00:00:00 2001
From: Konstantin Demin <rockdrilla@gmail.com>
Date: Tue, 16 Oct 2018 16:31:38 +0300
Subject: [PATCH] dropbear: avoid leak of ecdh public key

cherry-pick upstream commit 38c9408cf859525029f6eb4fe00b50259e08e3f2

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
---
 .../patches/007-avoid-leak-of-ecdh-public-key.patch  | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 package/network/services/dropbear/patches/007-avoid-leak-of-ecdh-public-key.patch

diff --git a/package/network/services/dropbear/patches/007-avoid-leak-of-ecdh-public-key.patch b/package/network/services/dropbear/patches/007-avoid-leak-of-ecdh-public-key.patch
new file mode 100644
index 0000000000..861420b657
--- /dev/null
+++ b/package/network/services/dropbear/patches/007-avoid-leak-of-ecdh-public-key.patch
@@ -0,0 +1,12 @@
+--- a/common-kex.c
++++ b/common-kex.c
+@@ -687,6 +687,9 @@ void kexecdh_comb_key(struct kex_ecdh_pa
+ 	/* K, the shared secret */
+ 	buf_putmpint(ses.kexhashbuf, ses.dh_K);
+ 
++	ecc_free(Q_them);
++	m_free(Q_them);
++
+ 	/* calculate the hash H to sign */
+ 	finish_kexhashbuf();
+ }
-- 
2.30.2