[Bug 2898] New: Memory leak in userauth_pubkey

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Aug 21 20:24:02 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2898

            Bug ID: 2898
           Summary: Memory leak in userauth_pubkey
           Product: Portable OpenSSH
           Version: -current
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: cjwatson at debian.org

Created attachment 3171
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3171&action=edit
Fix memory leak in userauth_pubkey

While reviewing a backport of commit
74287f5df9966a0648b4a68417451dd18f079ab8 (OpenBSD
b4891882fbe413f230fe8ac8a37349b03bd0b70d; the "delay bailout for
invalid authenticating user" patch), I noticed that the change to
initialise b to NULL didn't seem to be paired with corresponding
cleanup code in the way that I'd expect.  I think there's a memory leak
on one error path.  Patch attached (only compile-tested).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list