[PATCH] fix memory leak in client_global_hostkeys_prove_confirm

Boris Tonofa boris.afonot at gmail.com
Sat Jun 14 05:44:39 AEST 2025


Hi,

This patch fixes a memory leak in client_global_hostkeys_prove_confirm().

The buffer 'signdata', allocated with sshbuf_new(), was not freed on any 
exit path in this function. This patch ensures that the buffer is 
properly released before returning.

The patch applies cleanly to current master and passes all CI tests.

GitHub mirror PR (with CI results):
   https://github.com/openssh/openssh-portable/pull/574

Please review.

Thanks,
Boris

 From 41ba11508d4486be441c85f853564335ff413971 Mon Sep 17 00:00:00 2001
From: Boris Tonofa <b.tonofa at ideco.ru>
Date: Thu, 12 Jun 2025 23:44:01 +0300
Subject: [PATCH] fix memory leak in client_global_hostkeys_prove_confirm

---
  clientloop.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/clientloop.c b/clientloop.c
index 916fc077b..7293ecb8f 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -2420,6 +2420,7 @@ client_global_hostkeys_prove_confirm(struct ssh 
*ssh, int type,
  	/* Make the edits to known_hosts */
  	update_known_hosts(ctx);
   out:
+ 	sshbuf_free(signdata);
  	hostkeys_update_ctx_free(ctx);
  	hostkeys_update_complete = 1;
  	client_repledge();
-- 
2.47.0



More information about the openssh-unix-dev mailing list