bugzilla-daemon at bugzilla.mindrot.org
2018-Dec-07 10:19 UTC
[Bug 2942] New: minor memory leak in ssh_set_newkeys()
bugzilla.mindrot.org/show_bug.cgi?id=2942

            Bug ID: 2942
           Summary: minor memory leak in ssh_set_newkeys()
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: All
                OS: Mac OS X
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: markus at blueflash.cc

During initialization a memory leak occurs in ssh_set_newkeys().

During startup ssh_set_newkeys() is called twice, once with MODE_OUT and once with MODE_IN. Accordingly the ccp pointer points to state->send_context and state->receive_context.

At this time state->newkeys[mode] is still NULL, so the if-clause ("rekeying") does not apply.

Further down cipher_init(ccp, ) is called. First thing that cipher_init() does is setting *ccp= NULL; which is equivalent to "state->send_context= NULL" (or "state->send_contextNULL"). These point to memory blocks already. The pointers are lost, the memory leaks.

Proposal: move

    cipher_free(*ccp);
    *ccp = NULL;

from the "rekeying" if-clause and place these two lines before calling cipher_init().

Alternately add

    if (*ccp!=NULL) {
        cipher_free(*ccp);
        *ccp = NULL;
    }

before calling cipher_init().

--
You are receiving this mail because:
You are watching the assignee of the bug.
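The ownership problem described in this report, reduced to a self-contained C model (an added example, not OpenSSH code and not the attached patch). toy_ctx, toy_init(), toy_set_newkeys() and the live_ctx counter are hypothetical names; toy_init() copies only the behaviour the report attributes to cipher_init(), namely clearing *ccp before allocating.

```c
#include <stdlib.h>
/* Hypothetical stand-in for a cipher context; not OpenSSH's struct. */
struct toy_ctx { int mode; };
static int live_ctx;    /* contexts allocated and not yet freed */
static void toy_free(struct toy_ctx *cc)
{
    if (cc != NULL)
        live_ctx--;
    free(cc);
}

/* Mirrors what the report says cipher_init() does: clear *ccp first,
 * without freeing whatever *ccp pointed to. */
static int toy_init(struct toy_ctx **ccp, int mode)
{
    struct toy_ctx *cc;
    *ccp = NULL;
    if ((cc = calloc(1, sizeof(*cc))) == NULL)
        return -1;
    cc->mode = mode;
    live_ctx++;
    *ccp = cc;
    return 0;
}

/* always_free == 0: old context released only when rekeying (as reported).
 * always_free == 1: proposal 1, release *ccp before every re-init. */
static int toy_set_newkeys(struct toy_ctx **ccp, int mode, int rekeying,
    int always_free)
{
    if (rekeying || always_free) {
        toy_free(*ccp);
        *ccp = NULL;
    }
    return toy_init(ccp, mode);
}

/* One startup-style call on an occupied slot; returns contexts leaked. */
static int leaked_after_startup(int always_free)
{
    struct toy_ctx *slot = NULL;
    live_ctx = 0;
    if (toy_init(&slot, 0) || toy_set_newkeys(&slot, 1, 0, always_free))
        return -1;
    toy_free(slot);
    return live_ctx;
}

int main(void) { return leaked_after_startup(1); }
```

Building the always_free == 0 path with a leak checker such as -fsanitize=address reports the one orphaned context.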
bugzilla-daemon at bugzilla.mindrot.org
2018-Dec-07 10:23 UTC
[Bug 2942] minor memory leak in ssh_set_newkeys()
bugzilla.mindrot.org/show_bug.cgi?id=2942

--- Comment #1 from Markus <markus at blueflash.cc> ---
Created attachment 3215
  --> bugzilla.mindrot.org/attachment.cgi?id=3215&action=edit
patch to fix memory leak (proposal 1).
bugzilla-daemon at mindrot.org
2020-Aug-28 03:28 UTC
[Bug 2942] minor memory leak in ssh_set_newkeys()
bugzilla.mindrot.org/show_bug.cgi?id=2942

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
                 CC|                            |djm at mindrot.org

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
This was fixed back in OpenSSH 8.0 last year, but I forgot to update this bug at the time. Thanks!
bugzilla-daemon at mindrot.org
2021-Apr-23 05:03 UTC
[Bug 2942] minor memory leak in ssh_set_newkeys()
bugzilla.mindrot.org/show_bug.cgi?id=2942

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release
bugzilla-daemon at mindrot.org
2021-Oct-13 14:42 UTC
[Bug 2942] minor memory leak in ssh_set_newkeys()
bugzilla.mindrot.org/show_bug.cgi?id=2942

Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ahmedsayeed1982 at yahoo.com

--- Comment #4 from Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> ---