[Bug 2401] New: sshd copying options leaks memory

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed May 20 16:38:27 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2401

            Bug ID: 2401
           Summary: sshd copying options leaks memory
           Product: Portable OpenSSH
           Version: 6.8p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 2623
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2623&action=edit
proposed patch

To continue with my thematic reports about memory usage, valgrind
showed up some more memory problems around handling server options. And
after some basic understanding of what is going on around there, I came
to this upstream commit:

https://anongit.mindrot.org/openssh.git/commit/?id=d8478b6a9b32760d47c2419279c4a73f5f88fdb6

The core of problem is that when you read options from file, you
allocate memory for them and then you copy them to another options
structure using xstrdup, which leaves behind two copies abandoned. One
is still left in old array (never freed) and the other is overwritten
by a copy you are assigning to the target array.

Proposing patch that handles memory proper way:
 1) In first cycle go through the target array and free all strings
 2) In second cycle move values from first array to the other
It requires one more variable to operate (chosen classic i).
Fortunately, the macro can't be used anywhere else so we can depend on
local variable.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list