[Bug 3539] New: sshbuf memory leak in recv_rexec_state()

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Feb 14 01:05:57 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3539

            Bug ID: 3539
           Summary: sshbuf memory leak in recv_rexec_state()
           Product: Portable OpenSSH
           Version: 9.1p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mbr at cipherdyne.org

Created attachment 3671
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3671&action=edit
fix sshbuf memory leak in recv_rexec_state()

In recv_rexec_state() the sshbuf 'inc' is not free'd before returning.
The attached trivial patch fixes this, and matches the behavior of
send_rexec_state() which does free a similarly allocated buffer of the
same name.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list