[Bug 3559] New: Mini memory leak and needless(?) const/static qualifier.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Apr 6 20:14:38 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3559

            Bug ID: 3559
           Summary: Mini memory leak and needless(?) const/static
                    qualifier.
           Product: Portable OpenSSH
           Version: 8.5p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: m.schmidt at emtec.com

in sshconnect2.c in function ssh_kex2() the function
kex_default_pk_alg() is called.

This function is from readconf.c and has the following prototype:
const char *kex_default_pk_alg(void);

The function looks like this:

const char *
kex_default_pk_alg(void)
{
    static char *pkalgs;

    if (pkalgs == NULL) {
        char *all_key;

        all_key = sshkey_alg_list(0, 0, 1, ',');
        pkalgs = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
        free(all_key);
    }
    return pkalgs;
}


It internally buffers the result for match_filter_allowlist() in a
static variable, which makes it impossible to free the result and
essentially makes it leak.

Since the function is only called twice in the whole program (above
mentioned ssh_kex2() and dump_client_config()) and even only once in
each control paths, I believe the pkalgs could be made non-static and
could then be freed by the callers.

Also, both callers (ssh_kex2() and dump_client_config() compute
sshkey_alg_list(0, 0, 1, ','); prior to calling kex_default_pk_alg()
which then computes the same again, so that value could be passed to
kex_default_pk_alg() as a parameter).

If you are interested in fixing this I can make a proposed patch.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list