Potential memory leak in sshd [detected by melton]

Ángel González keisial at gmail.com
Mon Feb 6 07:38:41 EST 2012

On 05/02/12 06:54, Zhenbo Xu wrote:
> What about this report
> http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/realbugs/sshd/report-uWzwb1.html#EndPath
> ?
> At the end of the function server_accept_loop, fdset leaks. It means each
> time the master sshd accepts a new connection, it creates a new space for
> fdset but does not free it. Or is it a false positive?
No. Before allocating the fdset (line 14156), it frees the previous one
if present (line 14155).

There's a small leak of the last one when it exits the infinite loop. It
should probably free fdset on line 14330.

It seems an odd way, doing the free() + calloc() on every iteration.
Seems easier to do
if (fdset != NULL)
  bzero(fdset, ...);
else
  fdset = xcalloc(...);

maxfd can be decreased in line 14236, but that doesn't require the
xfree() + xcalloc() pattern.
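As an added example (not OpenSSH's code and not the poster's), here is a constructed C model of the two fdset lifetimes discussed in this thread: the free()+calloc()-per-iteration pattern from the report, which leaves the last set allocated when the loop exits, beside a variant that zeroes the existing buffer in place, grows it only when maxfd increases, and frees it on loop exit. Assumptions: the loop is driven by a precomputed list of maxfd values instead of select()/accept(), a simple counter stands in for a leak checker, and the set is sized like howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask) using unsigned long as the mask word.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not sshd's server_accept_loop. */

#define MASK_BITS (8 * sizeof(unsigned long))
#define HOWMANY(x, y) (((x) + ((y) - 1)) / (y))

static size_t live_allocs;   /* buffers allocated but not yet freed (stands in for a leak checker) */

static void *tracked_calloc(size_t n, size_t sz)
{
    void *p = calloc(n, sz);
    if (p == NULL) { perror("calloc"); exit(1); }
    live_allocs++;
    return p;
}

static void tracked_free(void *p)
{
    if (p != NULL) { live_allocs--; free(p); }
}

/* Bytes needed for a descriptor set that must hold fds 0..maxfd,
 * mirroring howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask). */
size_t fdset_bytes(int maxfd)
{
    return HOWMANY((size_t)maxfd + 1, MASK_BITS) * sizeof(unsigned long);
}

/* Pattern from the report: free the previous set and allocate a fresh one
 * on every iteration. Returns the number of buffers still live after the
 * loop exits: 1, because the set from the final iteration is never freed. */
size_t accept_loop_leaky(const int *maxfds, size_t n)
{
    unsigned long *fdset = NULL;
    live_allocs = 0;
    for (size_t i = 0; i < n; i++) {
        if (fdset != NULL)
            tracked_free(fdset);
        fdset = tracked_calloc(HOWMANY((size_t)maxfds[i] + 1, MASK_BITS),
                               sizeof(unsigned long));
        /* select()/accept() would run here; the set is zeroed and refilled each pass */
    }
    return live_allocs;   /* loop exit: the last fdset is still owned */
}

/* Variant: reuse the buffer while it is large enough (zeroing it), grow it
 * only when maxfd increases, and free it once the loop exits.
 * *allocs_out receives the number of allocations performed. */
size_t accept_loop_fixed(const int *maxfds, size_t n, size_t *allocs_out)
{
    unsigned long *fdset = NULL;
    size_t cap = 0, allocs = 0;
    live_allocs = 0;
    for (size_t i = 0; i < n; i++) {
        size_t need = fdset_bytes(maxfds[i]);
        if (need > cap) {               /* maxfd grew past what we hold */
            tracked_free(fdset);
            fdset = tracked_calloc(need, 1);
            cap = need;
            allocs++;
        } else {                        /* same or smaller: just clear it */
            memset(fdset, 0, need);
        }
    }
    tracked_free(fdset);                /* the free the report asked for */
    if (allocs_out != NULL)
        *allocs_out = allocs;
    return live_allocs;                 /* 0: nothing outlives the loop */
}

int main(void)
{
    /* Constructed sequence of maxfd values seen across loop iterations. */
    const int maxfds[] = { 10, 10, 200, 200, 50 };
    size_t n = sizeof(maxfds) / sizeof(maxfds[0]), allocs = 0;

    printf("leaky: %zu buffer(s) live after loop exit\n",
           accept_loop_leaky(maxfds, n));
    printf("fixed: %zu buffer(s) live after loop exit, %zu allocation(s) total\n",
           accept_loop_fixed(maxfds, n, &allocs), allocs);
    return 0;
}
```

The in-place variant only stays correct because it compares the required size against the capacity it already holds; a bare bzero() with no size check would be insufficient the moment maxfd grows, which is the caveat to keep in mind when trading the free()+calloc() pair for a zeroing of the existing buffer.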

More information about the openssh-unix-dev mailing list