[PATCH] v2 of client leaks ssh context, host_arg and packet.c leaks kex-structure.
Markus Schmidt
markus at blueflash.cc
Wed Feb 6 01:11:38 AEDT 2019
The patch I sent with the earlier mail for the problem described below
had a hunk (packet.c#590) that should not have been there.
I also filed the correct patch to bugzila.
https://bugzilla.mindrot.org/show_bug.cgi?id=2962
Sorry for the bad patch.
Best regards
Markus Schmidt
On 02.05.19 11:44 , Markus Schmidt wrote:
> After completing the session, the client leaks the ssh structure and the
> host_arg.
>
> Also, on cleanup, packet.c leaks the kex-structure (which is held inside
> the ssh struct).
>
> I've also moved host_arg from global to local variable, because it is
> only passed to one function.
>
> Patch is attached
-------------- next part --------------
diff --git a/packet.c b/packet.c
index ec03301..a330916 100644
--- a/packet.c
+++ b/packet.c
@@ -638,6 +638,10 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
cipher_free(state->receive_context);
state->send_context = state->receive_context = NULL;
if (do_close) {
+ if (ssh->kex) {
+ kex_free(ssh->kex);
+ ssh->kex = NULL;
+ }
free(ssh->local_ipaddr);
ssh->local_ipaddr = NULL;
free(ssh->remote_ipaddr);
diff --git a/ssh.c b/ssh.c
index 91e7c35..a040204 100644
--- a/ssh.c
+++ b/ssh.c
@@ -169,7 +169,7 @@ char *host;
/* Various strings used to to percent_expand() arguments */
static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
-static char uidstr[32], *host_arg, *conn_hash_hex;
+static char uidstr[32], *conn_hash_hex;
/* socket address the host resolves to */
struct sockaddr_storage hostaddr;
@@ -207,7 +207,7 @@ usage(void)
exit(255);
}
-static int ssh_session2(struct ssh *, struct passwd *);
+static int ssh_session2(struct ssh *, struct passwd *, char *host_arg);
static void load_public_identity_files(struct passwd *);
static void main_sigchld_handler(int);
@@ -584,7 +584,7 @@ main(int ac, char **av)
struct ssh *ssh = NULL;
int i, r, opt, exit_status, use_syslog, direct, timeout_ms;
int was_addr, config_test = 0, opt_terminated = 0, want_final_pass = 0;
- char *p, *cp, *line, *argv0, buf[PATH_MAX], *logfile;
+ char *p, *cp, *line, *argv0, buf[PATH_MAX], *logfile, *host_arg;
char cname[NI_MAXHOST];
struct stat st;
struct passwd *pw;
@@ -1523,8 +1523,12 @@ main(int ac, char **av)
}
skip_connect:
- exit_status = ssh_session2(ssh, pw);
+ exit_status = ssh_session2(ssh, pw, host_arg);
ssh_packet_close(ssh);
+ free(ssh);
+ ssh = NULL;
+ free(host_arg);
+ host_arg = NULL;
if (options.control_path != NULL && muxserver_sock != -1)
unlink(options.control_path);
@@ -1873,7 +1877,7 @@ ssh_session2_open(struct ssh *ssh)
}
static int
-ssh_session2(struct ssh *ssh, struct passwd *pw)
+ssh_session2(struct ssh *ssh, struct passwd *pw, char *host_arg)
{
int r, devnull, id = -1;
char *cp, *tun_fwd_ifname = NULL;
diff --git a/sshconnect2.c b/sshconnect2.c
index 8ce309b..058a8c4 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -313,7 +313,6 @@ int userauth_kbdint(struct ssh *);
int userauth_hostbased(struct ssh *);
#ifdef GSSAPI
-<<<<<<< HEAD
int userauth_gssapi(struct ssh *);
void userauth_gssapi_cleanup(struct ssh *);
static int input_gssapi_response(int type, u_int32_t, struct ssh *);
More information about the openssh-unix-dev
mailing list