Potential memory leak in sshd [detected by melton]

Ángel González keisial at gmail.com
Mon Feb 6 07:51:32 EST 2012

On 04/02/12 02:55, Zhenbo Xu wrote:
> I also applied melton(http://lcs.ios.ac.cn/~xuzb/melton.html)
> to detect the potential bugs in sshd (openssh-5.9p1).
> The url below is the index of bug reports that are checked as real
> bugs manually.
> http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/realbugs/sshd/index.html
> Shall we fix these bugs? Or just let them go since they are not so serious?
> Hope for your replies!

The second leak

Logic error 	Memory leak 	session.i 	13193 	13 	View Report


is a false positive.

The only way to exit the infinite loop is the return of line 13267.
And line 13266 calls session_close(), which frees s->auth_data in line
(granted, it's tricky to follow...)

The analysis seem to have stopped in line 13193, after step 14.

As a suggestion, I recommend you to make the messages "Execution
continues on line 12345"
links to line 12345.
Also, going to the opening brace from the closing one would be useful
when dealing with big blocks.

More information about the openssh-unix-dev mailing list