bugzilla-daemon at mindrot.org
2015-Jun-05 03:38 UTC
[Bug 1967] Potential memory leak in ssh [detected by melton]
https://bugzilla.mindrot.org/show_bug.cgi?id=1967 --- Comment #17 from Damien Miller <djm at mindrot.org> --- Comment on attachment 2124 --> https://bugzilla.mindrot.org/attachment.cgi?id=2124 fix memory leaks I think there is nothing left to do here:>--- mux.c 18 Dec 2011 23:52:21 -0000 1.35 >+++ mux.c 30 Dec 2011 09:19:51 -0000All committed>Index: readconf.c >==================================================================>RCS file: /home/dtucker/openssh/cvs/openssh/readconf.c,v >retrieving revision 1.174 >diff -u -p -r1.174 readconf.c >--- readconf.c 2 Oct 2011 07:59:03 -0000 1.174 >+++ readconf.c 30 Dec 2011 09:42:23 -0000 >@@ -1063,6 +1063,8 @@ parse_int: > fatal("%.200s line %d: garbage at end of line; \"%.200s\".", > filename, linenum, arg); > } >+ if (arg != NULL) >+ xfree(arg); > return 0;This is incorrect - arg comes from strdelim here and is a pointer somewhere inside the line being parsed. It cannot be freed itself.>--- sshconnect2.c 29 May 2011 11:42:34 -0000 1.180 >+++ sshconnect2.c 30 Dec 2011 09:27:33 -0000 >@@ -1323,8 +1323,11 @@ load_identity_file(char *filename) > return NULL; > } > private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); >- if (!perm_ok) >+ if (!perm_ok) { >+ if (private != NULL) >+ key_free(private);This code has been refactored and the leak eliminated.>@@ -1892,9 +1895,9 @@ authmethod_get(char *authlist) > xfree(name); > return current; > } >+ if (name != NULL) >+ xfree(name);This is already there. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
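Review bot: In the readconf.c hunk at parse_int, the added xfree(arg) releases a pointer this function never allocated. As the reply states, arg is returned by strdelim and points into the line being parsed, so it is not the start of any allocation and handing it to the allocator is an invalid free rather than a leak fix. Drop both added lines; if the line buffer does leak, it has to be released by whichever code allocated it.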
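Review bot: In the load_identity_file hunk of sshconnect2.c, the new key_free(private) inside the !perm_ok branch leaves private pointing at freed memory, and the quoted hunk is cut off before the branch ends. Confirm that the branch returns NULL or resets private to NULL straight after the free, so that nothing later in the function can return or dereference the freed key.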
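Review bot: In the authmethod_get hunk of sshconnect2.c, the added "if (name != NULL) xfree(name);" after the early-return block needs checking against the current tree before it is applied, because the reply says this free is already there. Applying the hunk on top of an existing free would release name twice on the same path; rebase the patch and drop this hunk if the tree already frees name at that point.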
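The ownership rule behind the reply to the readconf.c hunk, as an added example that is not part of the original comment and is not OpenSSH code: `next_token` is a hypothetical stand-in for a strsep-style tokenizer such as strdelim, and `token_offset` is an illustrative helper showing that each token is `line + offset` inside one heap buffer, which is the only pointer that may be freed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a strsep-style tokenizer (not OpenSSH's strdelim):
 * cuts the next token out of *s in place; the result points into the buffer. */
static char *next_token(char **s)
{
	char *tok;
	if (*s == NULL)
		return NULL;
	*s += strspn(*s, " \t");	/* skip leading blanks */
	if (**s == '\0') {
		*s = NULL;
		return NULL;
	}
	tok = *s;
	*s += strcspn(*s, " \t");
	if (**s != '\0')
		*(*s)++ = '\0';		/* terminate token, step past delimiter */
	else
		*s = NULL;		/* end of line reached */
	return tok;
}

/* Byte offset of token number idx inside the heap copy of text, or -1 if
 * there is no such token. Only the line buffer itself is ever freed. */
long token_offset(const char *text, int idx)
{
	size_t len = strlen(text);
	char *line = malloc(len + 1), *cursor, *arg;
	long off = -1;
	if (line == NULL)
		return -1;
	memcpy(line, text, len + 1);
	cursor = line;
	while (off < 0 && (arg = next_token(&cursor)) != NULL)
		if (idx-- == 0)
			off = (long)(arg - line);	/* arg == line + off */
	/* free(arg) here would hand the allocator an interior pointer. */
	free(line);
	return off;
}

int main(void)
{
	printf("%ld\n", token_offset("  Port 22 junk", 2)); /* constructed line */
	return 0;
}
```

With leading whitespace even the first token sits at a non-zero offset, so no token can be assumed to coincide with the start of the allocation.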