?? memory leak in 3des1
pruiksma at freesurf.fr
pruiksma at freesurf.fr
Tue Dec 23 07:06:15 EST 2003
Hello,
quoted patch free's cipher_data malloc'd in calls to EVP_CipherInit() in
ssh1_3des_init(), at least linked with openssl >= 0.9.7. It does not
appear to me (superficial scan) that there is any harm in calling the
_cleanup routine with earlier openssl.
fwiw
:laird
--- openssh-3.7.1p2/cipher-3des1.c Tue Sep 23 05:24:21 2003
+++ src37m/cipher-3des1.c Mon Dec 15 08:26:30 2003
@@ -126,6 +126,11 @@
struct ssh1_3des_ctx *c;
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
+#ifndef SSH_OLD_EVP
+ EVP_CIPHER_CTX_cleanup(&c->k1);
+ EVP_CIPHER_CTX_cleanup(&c->k2);
+ EVP_CIPHER_CTX_cleanup(&c->k3);
+#endif
memset(c, 0, sizeof(*c));
xfree(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
OK, my reading of the code may be faulty, but is it that much worse than all
the sex-aid messages that make it onto the list?
<openssh-unix-dev at mindrot.org>:
203.217.30.81 does not like recipient.
Remote host said: 450 Client host rejected: cannot find your hostname,
[206.152.191.132]
Giving up on 203.217.30.81.
I'm not going to try again; this message has been in the queue too long.
More information about the openssh-unix-dev
mailing list