[Bug 3508] New: Memory leak in auth-pam
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Dec 9 05:47:41 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3508
Bug ID: 3508
Summary: Memory leak in auth-pam
Product: Portable OpenSSH
Version: 9.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at mindrot.org
Reporter: miazgapow at gmail.com
In auth-pam.c, in sshpam_init, where the SSH_CONNECTION environment
variable is being set, xasprintf is used. It allocates memory for the
formatted string and returns it via the global sshpam_conninfo, which
is later passed to pam_putenv, which copies the string. So memory under
sshpam_conninfo is never freed, and then a reference to it is lost on
another run of sshpam_init
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list