openssh bugs - Aug 2018 - [Bug 2898] New: Memory leak in userauth_pubkey

https://bugzilla.mindrot.org/show_bug.cgi?id=2898

            Bug ID: 2898
           Summary: Memory leak in userauth_pubkey
           Product: Portable OpenSSH
           Version: -current
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: cjwatson at debian.org

Created attachment 3171
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3171&action=edit
Fix memory leak in userauth_pubkey

While reviewing a backport of commit
74287f5df9966a0648b4a68417451dd18f079ab8 (OpenBSD
b4891882fbe413f230fe8ac8a37349b03bd0b70d; the "delay bailout for
invalid authenticating user" patch), I noticed that the change to
initialise b to NULL didn't seem to be paired with corresponding
cleanup code in the way that I'd expect.  I think there's a memory leak
on one error path.  Patch attached (only compile-tested).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2898

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
                 CC|                            |djm at mindrot.org
             Blocks|                            |2852
             Status|NEW                         |RESOLVED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This was committed back in August and made the openssh-7.8 release


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2898

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Close RESOLVED bugs with the release of openssh-8.0

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.