thr3ads.net - openssh bugs - [Bug 2942] New: minor memory leak in ssh_set

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.mindrot.org

2018-Dec-07 10:19 UTC

[Bug 2942] New: minor memory leak in ssh_set_newkeys()

https://bugzilla.mindrot.org/show_bug.cgi?id=2942

            Bug ID: 2942
           Summary: minor memory leak in ssh_set_newkeys()
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: All
                OS: Mac OS X
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: markus at blueflash.cc

During initialization there a memory leak occurs in 
ssh_set_newkeys().

During startup  ssh_set_newkeys()  is called twice, once with MODE_OUT
and once with MODE_IN.

Accordingly the ccp pointer points to state->send_context and
state->receive_context

At this time state->newkeys[mode] is stil NULL, so the if-clause
("rekeying") does not apply.

Further down cipher_init(ccp, ) is called.

First thing that cipher_init() does is setting *ccp= NULL;  which is be
equivalent to "state->send_context= NULL" (or
"state->send_contextNULL").

These point to memory blocks already.
The pointers are lost, the memory leaks. 


Proposal: move 

                cipher_free(*ccp);
                *ccp = NULL;

from the "rekeying" if-clause and place these two lines before calling
cipher_init().


Alternately add 

          if (*ccp!=NULL) {
                cipher_free(*ccp);
                *ccp = NULL;
          }

before calling cipher_init().

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2018-Dec-07 10:23 UTC

head link

[Bug 2942] minor memory leak in ssh_set_newkeys()

https://bugzilla.mindrot.org/show_bug.cgi?id=2942

--- Comment #1 from Markus <markus at blueflash.cc> ---
Created attachment 3215
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3215&action=edit
patch to fix memory leak (proposal 1).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

bugzilla-daemon at mindrot.org

2020-Aug-28 03:28 UTC

head link

[Bug 2942] minor memory leak in ssh_set_newkeys()

https://bugzilla.mindrot.org/show_bug.cgi?id=2942

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
                 CC|                            |djm at mindrot.org

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
This was fixed back in OpenSSH 8.0 last year, but I forgot to update
this bug at the time. Thanks!

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

bugzilla-daemon at mindrot.org

2021-Apr-23 05:03 UTC

head link

[Bug 2942] minor memory leak in ssh_set_newkeys()

https://bugzilla.mindrot.org/show_bug.cgi?id=2942

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

bugzilla-daemon at mindrot.org

2021-Oct-13 14:42 UTC

head link

[Bug 2942] minor memory leak in ssh_set_newkeys()

https://bugzilla.mindrot.org/show_bug.cgi?id=2942

Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ahmedsayeed1982 at yahoo.com

--- Comment #4 from Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> ---
#0  0x000055befa524260 in execute_cfa_program (fde=0x621000f84c90,
http://www-look-4.com/technology/peugeot-208/ insn_ptr=0x7fab8d86da86
<error: Cannot access memory at address 0x7fab8d86da86>,
insn_end=0x7fab8d86da90 <error: Cannot access memory at address
0x7fab8d86da90>, gdbarch=0x621000be3d10,
https://komiya-dental.com/computers/huawei-technology/
pc=0xffffffff81b3318e, fs=0x7ffe0a288d10, text_offset=0x0) at
/home/smarchi/src/binutils-gdb/gdb/dwarf2/frame.c:367
http://www.iu-bloomington.com/crypto/china-affect-on-crypto/ 
#1  0x000055befa52bf02 in dwarf2_frame_cache
(this_frame=0x6210006cfde0, this_cache=0x6210006cfdf8)
https://waytowhatsnext.com/crypto/cryptocurrency-taxes/ at
/home/smarchi/src/binutils-gdb/gdb/dwarf2/frame.c:1025
#2  0x000055befa52ea38 in dwarf2_frame_this_id
(this_frame=0x6210006cfde0,
http://www.wearelondonmade.com/services/car-repair-services/ 
this_cache=0x6210006cfdf8, this_id=0x6210006cfe40) at
/home/smarchi/src/binutils-gdb/gdb/dwarf2/frame.c:1226
http://www.jopspeech.com/property/slim-pen-2/
#3  0x000055befa8dde95 in compute_frame_id (fi=0x6210006cfde0) at
/home/smarchi/src/binutils-gdb/gdb/frame.c:588
http://joerg.li/tech/cars-comparison/
#4  0x000055befa8de53e in get_frame_id (fi=0x6210006cfde0) at
/home/smarchi/src/binutils-gdb/gdb/frame.c:636
http://connstr.net/tech/mars-surface/
#5  0x000055befa8ecf33 in get_prev_frame (this_frame=0x6210006cfde0) at
/home/smarchi/src/binutils-gdb/gdb/frame.c:2504
http://embermanchester.uk/property/chat-themes/
#6  0x000055befb1ff582 in frame_info_to_frame_object
(frame=0x6210006cfde0) at
/home/smarchi/src/binutils-gdb/gdb/python/py-frame.c:364
http://www.slipstone.co.uk/computers/isofix/ 
#7  0x000055befb201016 in gdbpy_newest_frame (self=0x7fabbcb11a40,
args=0x0) at /home/smarchi/src/binutils-gdb/gdb/python/py-frame.c:599
#8  0x00007fabc25f01aa in cfunction_vectorcall_NOARGS
(func=0x7fabbca78d60, args=<optimized out>, nargsf=<optimized out>,
kwnames=<optimized out>) at ../Objects/methodobject.c:459
http://www.logoarts.co.uk/tech/drone-cameras/
#9  0x00007fabc2405d6d in _PyObject_Vectorcall (kwnames=<optimized
out>, nargsf=<optimized out>, args=<optimized out>,
callable=<optimized
out>) at ../Include/cpython/abstract.h:127
http://www.acpirateradio.co.uk/property/applications/ 
#10 call_function (tstate=0x612000009940, pp_stack=0x7ffe0a289370,
oparg=<optimized out>, kwnames=0x0) at ../Python/ceval.c:4963
http://www.compilatori.com/health/premium-subscription/
#11 0x00007fabc240def6 in _PyEval_EvalFrameDefault (f=<optimized out>,
throwflag=<optimized out>) at ../Python/ceval.c:3469
https://www.webb-dev.co.uk/shopping/shopping-during-corona/ 
#12 0x00007fabc241106b in function_code_fastcall (co=<optimized out>,
args=<optimized out>, nargs=1, globals=<optimized out>) at
../Objects/call.c:283

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

Maybe Matching Threads

Search for more reasonably related threads

openssh bugs - Dec 2018 - [Bug 2942] New: minor memory leak in ssh_set_newkeys()

[Bug 2942] New: minor memory leak in ssh_set_newkeys()

[Bug 2942] minor memory leak in ssh_set_newkeys()

[Bug 2942] minor memory leak in ssh_set_newkeys()

[Bug 2942] minor memory leak in ssh_set_newkeys()

[Bug 2942] minor memory leak in ssh_set_newkeys()

Maybe Matching Threads