[PATCH] small memory leak in channels.c

Markus Schmidt markus at blueflash.cc
Tue Dec 4 00:11:24 AEDT 2018

I think found a small memory leak in channels.c

I can't reach bugzilla at the moment, so I'll start testing the waters 
with a small patch directly to the list.

Note: This is my first contribution to the openssh source and I'm 
porting my findings from a macOS/Windows port back to the original 
source. So please be gentle with my possible wrongdoings and errors.

In any case, I think this should be pretty straightforward:

In channels.c there is the channel_init_channels() function, which 
initially callocates memory for the sc structure and immediately also 
callocates and fills the sc->channel_pre and sc->channel_post pointer 

Then, after a few lines of code, it finally calls the 
channel_handler_init(sc) function.

Now, the channel channel_handler_init() also callocates memory for pre 
and post and finally assigns its pointers into the sc struct pointer 

         sc->channel_pre = pre;
         sc->channel_post = post;

However, at this point, sc->channel_pre and sc->channel_post are already 
filled with the pointers to the memory blocks which 
channel_init_channels() had allocated.

Thus these pointers get lost and the memory blocks leak.

Proposal: don't have chanell_init_channel() allocate these.  Let 
channel_init_channels() do it.

diff --git a/channels.c b/channels.c
index e3b9eea..e0df8a9 100755
--- a/channels.c
+++ b/channels.c
@@ -221,11 +221,7 @@ channel_init_channels(struct ssh *ssh)
         struct ssh_channels *sc;

-       if ((sc = calloc(1, sizeof(*sc))) == NULL ||
-           (sc->channel_pre = calloc(SSH_CHANNEL_MAX_TYPE,
-           sizeof(*sc->channel_pre))) == NULL ||
-           (sc->channel_post = calloc(SSH_CHANNEL_MAX_TYPE,
-           sizeof(*sc->channel_post))) == NULL)
+       if ((sc = calloc(1, sizeof(*sc))) == NULL)
                 fatal("%s: allocation failed", __func__);
         sc->channels_alloc = 10;
         sc->channels = xcalloc(sc->channels_alloc, sizeof(*sc->channels));


More information about the openssh-unix-dev mailing list