[PATCH] fix memory leak in mux_client_request_stdio_fwd
Boris Tonofa
boris.afonot at gmail.com
Sat Jun 14 06:23:39 AEST 2025
Hi,
This patch fixes a memory leak in mux_client_request_stdio_fwd().
If mux_client_read_packet() returned early due to EPIPE or EINTR, the
function exited without freeing the buffer allocated with sshbuf_new().
This patch ensures the sshbuf is always freed on all return paths.
The patch applies cleanly to current master and passes all CI tests.
GitHub mirror PR (with CI results):
https://github.com/openssh/openssh-portable/pull/575
Please review.
Thanks,
Boris
From 65fcdc9253518912d859bd6427a9c24d786da4e2 Mon Sep 17 00:00:00 2001
From: Boris Tonofa <b.tonofa at ideco.ru>
Date: Fri, 13 Jun 2025 00:06:32 +0300
Subject: [PATCH] fix memory leak in mux_client_request_stdio_fwd
---
mux.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/mux.c b/mux.c
index 415024f74..1069e3df4 100644
--- a/mux.c
+++ b/mux.c
@@ -2202,8 +2202,10 @@ mux_client_request_stdio_fwd(int fd)
sshbuf_reset(m);
if (mux_client_read_packet(fd, m) != 0) {
if (errno == EPIPE ||
- (errno == EINTR && muxclient_terminate != 0))
+ (errno == EINTR && muxclient_terminate != 0)) {
+ sshbuf_free(m);
return 0;
+ }
fatal_f("mux_client_read_packet: %s", strerror(errno));
}
fatal_f("master returned unexpected message %u", type);
--
2.47.0
More information about the openssh-unix-dev
mailing list