[Bug 2942] New: minor memory leak in ssh_set_newkeys()

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 7 21:19:40 AEDT 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2942

            Bug ID: 2942
           Summary: minor memory leak in ssh_set_newkeys()
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: All
                OS: Mac OS X
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: markus at blueflash.cc

During initialization a memory leak occurs in ssh_set_newkeys().

During startup ssh_set_newkeys() is called twice, once with MODE_OUT
and once with MODE_IN.

Accordingly, the ccp pointer points to state->send_context and
state->receive_context.

At this time state->newkeys[mode] is still NULL, so the if-clause
("rekeying") does not apply.

Further down cipher_init(ccp, ) is called.

The first thing that cipher_init() does is set *ccp = NULL, which is
equivalent to "state->send_context = NULL" (or "state->receive_context =
NULL").

These already point to memory blocks.
The pointers are lost, and the memory leaks.


Proposal: move 

                cipher_free(*ccp);
                *ccp = NULL;

from the "rekeying" if-clause and place these two lines before calling
cipher_init().


Alternately add 

          if (*ccp!=NULL) {
                cipher_free(*ccp);
                *ccp = NULL;
          }

before calling cipher_init().

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
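The pattern the report describes, as an added illustration rather than OpenSSH's own code: a constructed cipher_init() that starts by clearing *ccp, a leaky set_newkeys variant that calls it directly, and a fixed variant that applies the report's second proposal; the struct layouts, the live_ctx counter and the sample keys are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for OpenSSH's opaque cipher context and session state. */
struct sshcipher_ctx { unsigned char key[32]; };
struct session_state { struct sshcipher_ctx *send_context, *receive_context; };
enum { MODE_IN = 0, MODE_OUT = 1 };
static int live_ctx = 0;   /* contexts allocated and not yet freed */

/* As the report describes: cipher_init() starts by setting *ccp = NULL, so
 * whatever *ccp pointed at before is unreachable from here on. */
static int cipher_init(struct sshcipher_ctx **ccp, const unsigned char *key, size_t klen) {
	struct sshcipher_ctx *cc;
	*ccp = NULL;
	if ((cc = calloc(1, sizeof(*cc))) == NULL) return -1;
	memcpy(cc->key, key, klen < sizeof(cc->key) ? klen : sizeof(cc->key));
	live_ctx++;
	*ccp = cc;
	return 0;
}
static void cipher_free(struct sshcipher_ctx *cc) {
	if (cc == NULL) return;
	memset(cc, 0, sizeof(*cc));   /* don't leave key material behind */
	free(cc);
	live_ctx--;
}
/* Leaky variant: the previous context is overwritten without being freed. */
static int set_newkeys_leaky(struct session_state *st, int mode, const unsigned char *key, size_t klen) {
	struct sshcipher_ctx **ccp = mode == MODE_OUT ? &st->send_context : &st->receive_context;
	return cipher_init(ccp, key, klen);
}
/* Fixed variant, following the report's second proposal: free before cipher_init(). */
static int set_newkeys_fixed(struct session_state *st, int mode, const unsigned char *key, size_t klen) {
	struct sshcipher_ctx **ccp = mode == MODE_OUT ? &st->send_context : &st->receive_context;
	if (*ccp != NULL) { cipher_free(*ccp); *ccp = NULL; }
	return cipher_init(ccp, key, klen);
}
/* Keys both directions twice (initial keys, then a rekey), tears the session down
 * and returns how many contexts are still allocated: 2 for leaky, 0 for fixed. */
static int leaked_contexts(int (*set_newkeys)(struct session_state *, int, const unsigned char *, size_t)) {
	struct session_state st = { NULL, NULL };
	unsigned char k1[32] = { 1 }, k2[32] = { 2 };   /* constructed sample keys */
	live_ctx = 0;
	for (int round = 0; round < 2; round++) {
		set_newkeys(&st, MODE_OUT, round ? k2 : k1, sizeof(k1));
		set_newkeys(&st, MODE_IN, round ? k2 : k1, sizeof(k1));
	}
	cipher_free(st.send_context);
	cipher_free(st.receive_context);
	return live_ctx;
}
```

Running the same sequence under a leak checker (for example valgrind or ASan's LeakSanitizer) reports the two orphaned contexts for the leaky variant and nothing for the fixed one.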