bugzilla-daemon at mindrot.org
2015-May-20  06:38 UTC
[Bug 2401] New: sshd copying options leaks memory
https://bugzilla.mindrot.org/show_bug.cgi?id=2401
            Bug ID: 2401
           Summary: sshd copying options leaks memory
           Product: Portable OpenSSH
           Version: 6.8p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com
Created attachment 2623
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2623&action=edit
proposed patch
To continue with my thematic reports about memory usage, valgrind
showed up some more memory problems around handling server options. And
after some basic understanding of what is going on around there, I came
to this upstream commit:
https://anongit.mindrot.org/openssh.git/commit/?id=d8478b6a9b32760d47c2419279c4a73f5f88fdb6
The core of the problem is that when you read options from a file, you
allocate memory for them and then you copy them to another options
structure using xstrdup, which leaves behind two copies abandoned. One
is still left in old array (never freed) and the other is overwritten
by a copy you are assigning to the target array.
Proposing a patch that handles memory the proper way:
 1) In the first cycle, go through the target array and free all strings
 2) In the second cycle, move values from the first array to the other
It requires one more variable to operate (chosen classic i).
Fortunately, the macro can't be used anywhere else so we can depend on
local variable.
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
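The leak pattern and the two-pass fix described in the report above, as an added sketch that is neither OpenSSH code nor the attached patch. The struct, the helper names and the sample strings are hypothetical, and a small tracking table stands in for valgrind so the number of abandoned strings can be counted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_ITEMS 4                          /* hypothetical bound for this sketch */
struct opts { char *items[MAX_ITEMS]; unsigned int num; };  /* hypothetical options struct */
static char *track[16]; static int ntrack;   /* every string handed out; NULL once freed */
static char *dup_tracked(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p == NULL || ntrack == 16) abort();
    track[ntrack++] = p;
    return strcpy(p, s);
}
static void free_tracked(char *p) {
    for (int i = 0; p != NULL && i < ntrack; i++)
        if (track[i] == p) { track[i] = NULL; free(p); return; }
}
static int sweep(void) {                     /* count and release strings nobody freed */
    int n = 0;
    for (int i = 0; i < ntrack; i++)
        if (track[i] != NULL) { free(track[i]); track[i] = NULL; n++; }
    ntrack = 0;
    return n;
}
static void opts_add(struct opts *o, const char *s) { if (o->num < MAX_ITEMS) o->items[o->num++] = dup_tracked(s); }
static void opts_clear(struct opts *o) { while (o->num > 0) free_tracked(o->items[--o->num]); }
/* Pattern from the report: each source string is duplicated over the target slot. */
static void copy_dup(struct opts *dst, struct opts *src) {
    for (unsigned int i = 0; i < src->num; i++)
        dst->items[i] = dup_tracked(src->items[i]);  /* old dst pointer lost; src keeps its own */
    dst->num = src->num;
}
/* Two passes as in the report: free the target's strings, then move the pointers across. */
static void copy_move(struct opts *dst, struct opts *src) {
    for (unsigned int i = 0; i < dst->num; i++) free_tracked(dst->items[i]);
    for (unsigned int i = 0; i < src->num; i++) { dst->items[i] = src->items[i]; src->items[i] = NULL; }
    dst->num = src->num; src->num = 0;
}
/* Strings still allocated after the target is released; sample values are constructed. */
static int leaked_after(void (*copy)(struct opts *, struct opts *)) {
    struct opts dst = {{NULL}, 0}, src = {{NULL}, 0};
    opts_add(&dst, "LANG"); opts_add(&dst, "LC_ALL");
    opts_add(&src, "TERM"); opts_add(&src, "EDITOR");
    copy(&dst, &src);
    opts_clear(&dst);
    return sweep();
}
int main(void) {
    printf("dup: %d leaked, move: %d leaked\n", leaked_after(copy_dup), leaked_after(copy_move));
    return 0;
}
```

With two strings on each side, the duplicating copy abandons four allocations (the two overwritten target strings and the two source originals), while the free-then-move version abandons none.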
bugzilla-daemon at bugzilla.mindrot.org
2018-Mar-26  14:17 UTC
[Bug 2401] sshd copying options leaks memory
https://bugzilla.mindrot.org/show_bug.cgi?id=2401
Jakub Jelen <jjelen at redhat.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
--- Comment #1 from Jakub Jelen <jjelen at redhat.com> ---
This looks like it was resolved by the following upstream commit:
https://github.com/openssh/openssh-portable/commit/dceabc7ad
Thank you for taking care of this.
bugzilla-daemon at mindrot.org
2021-Apr-23  04:59 UTC
[Bug 2401] sshd copying options leaks memory
https://bugzilla.mindrot.org/show_bug.cgi?id=2401
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release