[Bug 1967] Potential memory leak in ssh [detected by melton]
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Jun 5 13:38:22 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=1967
--- Comment #17 from Damien Miller <djm at mindrot.org> ---
Comment on attachment 2124
--> https://bugzilla.mindrot.org/attachment.cgi?id=2124
fix memory leaks
I think there is nothing left to do here:
>--- mux.c 18 Dec 2011 23:52:21 -0000 1.35
>+++ mux.c 30 Dec 2011 09:19:51 -0000
All committed
>Index: readconf.c
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/readconf.c,v
>retrieving revision 1.174
>diff -u -p -r1.174 readconf.c
>--- readconf.c 2 Oct 2011 07:59:03 -0000 1.174
>+++ readconf.c 30 Dec 2011 09:42:23 -0000
>@@ -1063,6 +1063,8 @@ parse_int:
> fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
> filename, linenum, arg);
> }
>+ if (arg != NULL)
>+ xfree(arg);
> return 0;
This is incorrect - arg comes from strdelim here and is a pointer
somewhere
inside the line being parsed. It cannot be freed itself.
>--- sshconnect2.c 29 May 2011 11:42:34 -0000 1.180
>+++ sshconnect2.c 30 Dec 2011 09:27:33 -0000
>@@ -1323,8 +1323,11 @@ load_identity_file(char *filename)
> return NULL;
> }
> private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
>- if (!perm_ok)
>+ if (!perm_ok) {
>+ if (private != NULL)
>+ key_free(private);
This code has been refactored and the leak eliminated.
>@@ -1892,9 +1895,9 @@ authmethod_get(char *authlist)
> xfree(name);
> return current;
> }
>+ if (name != NULL)
>+ xfree(name);
This is already there.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list