openssh bugs - Feb 2023 - [Bug 3539] New: sshbuf memory leak in recv_rexec_state()

https://bugzilla.mindrot.org/show_bug.cgi?id=3539

            Bug ID: 3539
           Summary: sshbuf memory leak in recv_rexec_state()
           Product: Portable OpenSSH
           Version: 9.1p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mbr at cipherdyne.org

Created attachment 3671
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3671&action=edit
fix sshbuf memory leak in recv_rexec_state()

In recv_rexec_state() the sshbuf 'inc' is not free'd before
returning.
The attached trivial patch fixes this, and matches the behavior of
send_rexec_state() which does free a similarly allocated buffer of the
same name.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3539

Michael Rash <mbr at cipherdyne.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mbr at cipherdyne.org

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3539

Michael Rash <mbr at cipherdyne.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3671|0                           |1
        is obsolete|                            |

--- Comment #1 from Michael Rash <mbr at cipherdyne.org> ---
Created attachment 3672
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3672&action=edit
fix sshbuf memory leak in recv_rexec_state()

Here is a patch with tabs instead of spaces to align with coding style.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3539

--- Comment #2 from Michael Rash <mbr at cipherdyne.org> ---
(In reply to Michael Rash from comment #1)
> Created attachment 3672 [details]
> fix sshbuf memory leak in recv_rexec_state()
> 
> Here is a patch with tabs instead of spaces to align with coding
> style.
In recv_rexec_state() the sshbuf 'inc' is not free'd before
returning.
The attached trivial patch fixes this, and matches the behavior of
send_rexec_state() which does free a similarly allocated buffer of the
same name.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.