cancel_address is allocated in packet_get_string and used in the call to channel_cancel_rport_listener and then it goes out of scope. This patch adds the xfree. This entire set of patches passed the regression tests on my system. Resource leak bug found by Coverity. Signed-off-by: Kylene Hall <kjhall at us.ibm.com> --- serverloop.c | 1 + 1 files changed, 1 insertion(+) diff -uprN openssh-4.3p2/serverloop.c openssh-4.3p2-kylie/serverloop.c --- openssh-4.3p2/serverloop.c 2005-12-30 23:33:37.000000000 -0600 +++ openssh-4.3p2-kylie/serverloop.c 2006-05-03 16:52:06.000000000 -0500 @@ -1085,6 +1085,7 @@ server_input_global_request(int type, u_ success = channel_cancel_rport_listener(cancel_address, cancel_port); + xfree(cancel_address); } if (want_reply) { packet_start(success ?