From 7e450cb80a476b5f96e9c9da67e21ffebcc4b375 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 16 Apr 2026 10:09:59 +0200
Subject: [PATCH] libssh2: allocate libssh2-friendly memory in kbd_callback

The function libssh2_userauth_keyboard_interactive_ex() calls the
callback and is documented to call free() on the memory returned to
libssh2 from the callback. libcurl can therefore not use the regular
curlx_strdup() for this, as that is not compatible in debug builds or
when curl_global_init_mem() is used.

Fixes #21336
Closes #21338
---
 lib/vssh/libssh2.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index e4d35bbdcf..4e2a72269f 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -148,7 +148,9 @@ static void kbd_callback(const char *name, int name_len,
 #endif /* CURL_LIBSSH2_DEBUG */
   if(num_prompts == 1) {
     struct connectdata *conn = data->conn;
-    responses[0].text = curlx_strdup(conn->passwd);
+    /* this function must allocate memory that can be freed by libssh2, which
+       uses the LIBSSH2_FREE_FUNC callback */
+    responses[0].text = Curl_cstrdup(conn->passwd);
     responses[0].length =
       responses[0].text == NULL ? 0 : curlx_uztoui(strlen(conn->passwd));
   }