[Bug 1967] Potential memory leak in ssh [detected by melton]

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Jun 5 13:38:22 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=1967

--- Comment #17 from Damien Miller <djm at mindrot.org> ---
Comment on attachment 2124
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2124
fix memory leaks

I think there is nothing left to do here:

>--- mux.c	18 Dec 2011 23:52:21 -0000	1.35
>+++ mux.c	30 Dec 2011 09:19:51 -0000

All committed

>Index: readconf.c
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/readconf.c,v
>retrieving revision 1.174
>diff -u -p -r1.174 readconf.c
>--- readconf.c	2 Oct 2011 07:59:03 -0000	1.174
>+++ readconf.c	30 Dec 2011 09:42:23 -0000
>@@ -1063,6 +1063,8 @@ parse_int:
> 		fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
> 		    filename, linenum, arg);
> 	}
>+	if (arg != NULL)
>+		xfree(arg);
> 	return 0;
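
Review bot: the `xfree(arg)` added before `return 0` frees a pointer whose ownership this hunk does not establish. The context lines pass `arg` to the "garbage at end of line" `fatal()`, so at this point it names the trailing token of the line being parsed, not a buffer this function visibly allocated. The free is only valid if `arg` is an allocation of its own; otherwise drop the two added lines and leave the release to whichever code owns the line buffer.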

This is incorrect - arg comes from strdelim here and is a pointer
somewhere inside the line being parsed. It cannot be freed itself.

>--- sshconnect2.c	29 May 2011 11:42:34 -0000	1.180
>+++ sshconnect2.c	30 Dec 2011 09:27:33 -0000
>@@ -1323,8 +1323,11 @@ load_identity_file(char *filename)
> 		return NULL;
> 	}
> 	private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
>-	if (!perm_ok)
>+	if (!perm_ok) {
>+		if (private != NULL)
>+			key_free(private);
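
Review bot: in the `!perm_ok` branch the visible lines free `private` with `key_free()`, but the hunk is cut off before showing what the function does with the pointer afterwards. If the branch does not return immediately, set `private = NULL` straight after the free so that `load_identity_file()` cannot hand a dangling key pointer back to its caller.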

This code has been refactored and the leak eliminated.

>@@ -1892,9 +1895,9 @@ authmethod_get(char *authlist)
> 			xfree(name);
> 			return current;
> 		}
>+		if (name != NULL)
>+			xfree(name);
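
Review bot: the added `if (name != NULL) xfree(name);` directly follows a branch that already calls `xfree(name)` unguarded before `return current`. The hunk header gives 9 lines on both sides, so two lines are removed in a part of the hunk not shown here; confirm that the removed lines are the existing free for this path, otherwise `name` is released twice. The NULL guard is also inconsistent with the unguarded call three lines above, so use one form in both places.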

This is already there.

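The ownership point made in the reply to the readconf.c hunk, as an added example that is not part of the original message and is not OpenSSH code: `next_token()` is a hypothetical stand-in for a strdelim-style tokenizer, the sample lines are constructed, and plain `malloc`/`free` are used in place of the project's wrappers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical strdelim-style tokenizer: cuts the next token out of *s in
 * place and returns a pointer INTO the caller's buffer. Allocates nothing. */
static char *next_token(char **s)
{
	char *tok;

	if (*s == NULL)
		return NULL;
	tok = *s + strspn(*s, " \t");          /* skip leading whitespace */
	if (*tok == '\0') {
		*s = NULL;
		return NULL;
	}
	*s = tok + strcspn(tok, " \t");        /* end of this token */
	if (**s != '\0')
		*(*s)++ = '\0';                /* terminate inside the buffer */
	else
		*s = NULL;                     /* line exhausted */
	return tok;
}

/* True when p lies inside buf[0..len): an interior pointer, not its own block. */
static int is_interior(const char *buf, size_t len, const char *p)
{
	return p >= buf && p < buf + len;
}

/* Tokenizes a private copy of text. Returns the token count and stores in
 * *interior how many tokens pointed into the line buffer. */
static int parse_line(const char *text, int *interior)
{
	size_t len = strlen(text) + 1;
	char *line = malloc(len), *cursor = line, *arg;
	int n = 0;

	*interior = 0;
	if (line == NULL)
		return -1;
	memcpy(line, text, len);
	while ((arg = next_token(&cursor)) != NULL) {
		n++;
		*interior += is_interior(line, len, arg);
		/* free(arg) here would be invalid: arg is not an allocation.
		 * For the first token arg == line, so it would "work" once and
		 * then turn the free(line) below into a double free. */
	}
	free(line);                            /* the buffer is the only owner */
	return n;
}
```

Every token reported by `parse_line()` is counted as interior, which is why the only valid release is the single `free(line)` on the buffer itself.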