Potential memory leak in sshd [detected by melton]
Alan Barrett
apb at cequrux.com
Mon Feb 6 22:26:02 EST 2012
On Mon, 06 Feb 2012, ngel Gonzlez wrote:
>> The 10th report is another false positive:
>> Logic error Memory leak auth-options.i 10587 28 View Report
>> <http://lcs.ios.ac.cn/%7Exuzb/bugsfound/memleak/openssh-5.9p1/realbugs/sshd/report-mVEeJj.html#EndPath>
>>
>>
>> http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/realbugs/sshd/report-mVEeJj.html#EndPath
>> <http://lcs.ios.ac.cn/%7Exuzb/bugsfound/memleak/openssh-5.9p1/realbugs/sshd/report-mVEeJj.html#EndPath>
>>
>> Melton complains that in line 10587 the memory of data wasn't
>> released, but there's a call to buffer_free(&data);
>> in line 10585.
Similarly to several of the other cases, this leak occurs only
with unusual input. If "source-address" appears twice in the
options, then the allocation in line 10505 occurs twice; the first
allocation leaks, and the second allocation is freed later.
The presence of both "7 Taking true branch" and "21 Taking true
branch" at line 10504 is the clue that this leak occurs when
"source-address" appears twice.
--apb (Alan Barrett)
More information about the openssh-unix-dev
mailing list