The bug is pretty simple: bn_print.c in openssl-0.9.6's crypto lib
says you must use OPENSSL_free on the return value from Bn_bn2dec, yet
key.c simply calls free on the buffer.
I changed it, but it didn't fix the problem I'm seeing. I don't
know
if what I'm seeing is a known bug (didn't see it anywhere on the web
site).
I get a core dump when trying to connect to another machine. It cores
in BN_bn2dec in CRYPTO_malloc, all in openssl's cryptolib, but I think
it's because openssh is not initiallizing the openssl malloc machine
(there is a comment in the openssl source about calling
CRYPTO_malloc_init, but it's in the SSLEAY CHANGES. . .).
Just FYI: It's a sparc running Solaris 8.
Will provide further details upon request, but the actual bug is not
calling OPENSSL_free on the returned buffer from BN_bn2dec, which may
or may not be excaserbating my coredumps. . . :-)
Sean Kamath
