[PATCH] small memory leak in channels.c
Markus Schmidt
markus at blueflash.cc
Tue Dec 4 00:11:24 AEDT 2018
I think found a small memory leak in channels.c
I can't reach bugzilla at the moment, so I'll start testing the waters
with a small patch directly to the list.
Note: This is my first contribution to the openssh source and I'm
porting my findings from a macOS/Windows port back to the original
source. So please be gentle with my possible wrongdoings and errors.
In any case, I think this should be pretty straightforward:
In channels.c there is the channel_init_channels() function, which
initially callocates memory for the sc structure and immediately also
callocates and fills the sc->channel_pre and sc->channel_post pointer
members.
Then, after a few lines of code, it finally calls the
channel_handler_init(sc) function.
Now, the channel channel_handler_init() also callocates memory for pre
and post and finally assigns its pointers into the sc struct pointer
members.
sc->channel_pre = pre;
sc->channel_post = post;
However, at this point, sc->channel_pre and sc->channel_post are already
filled with the pointers to the memory blocks which
channel_init_channels() had allocated.
Thus these pointers get lost and the memory blocks leak.
Proposal: don't have chanell_init_channel() allocate these. Let
channel_init_channels() do it.
diff --git a/channels.c b/channels.c
index e3b9eea..e0df8a9 100755
--- a/channels.c
+++ b/channels.c
@@ -221,11 +221,7 @@ channel_init_channels(struct ssh *ssh)
{
struct ssh_channels *sc;
- if ((sc = calloc(1, sizeof(*sc))) == NULL ||
- (sc->channel_pre = calloc(SSH_CHANNEL_MAX_TYPE,
- sizeof(*sc->channel_pre))) == NULL ||
- (sc->channel_post = calloc(SSH_CHANNEL_MAX_TYPE,
- sizeof(*sc->channel_post))) == NULL)
+ if ((sc = calloc(1, sizeof(*sc))) == NULL)
fatal("%s: allocation failed", __func__);
sc->channels_alloc = 10;
sc->channels = xcalloc(sc->channels_alloc, sizeof(*sc->channels));
Markus
More information about the openssh-unix-dev
mailing list