Boris Tonofa
2025-Jun-13 20:23 UTC
[PATCH] fix memory leak in mux_client_request_stdio_fwd
Hi, This patch fixes a memory leak in mux_client_request_stdio_fwd(). If mux_client_read_packet() returned early due to EPIPE or EINTR, the function exited without freeing the buffer allocated with sshbuf_new(). This patch ensures the sshbuf is always freed on all return paths. The patch applies cleanly to current master and passes all CI tests. GitHub mirror PR (with CI results): https://github.com/openssh/openssh-portable/pull/575 Please review. Thanks, Boris From 65fcdc9253518912d859bd6427a9c24d786da4e2 Mon Sep 17 00:00:00 2001 From: Boris Tonofa <b.tonofa at ideco.ru> Date: Fri, 13 Jun 2025 00:06:32 +0300 Subject: [PATCH] fix memory leak in mux_client_request_stdio_fwd --- mux.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mux.c b/mux.c index 415024f74..1069e3df4 100644 --- a/mux.c +++ b/mux.c @@ -2202,8 +2202,10 @@ mux_client_request_stdio_fwd(int fd) sshbuf_reset(m); if (mux_client_read_packet(fd, m) != 0) { if (errno == EPIPE || - (errno == EINTR && muxclient_terminate != 0)) + (errno == EINTR && muxclient_terminate != 0)) { + sshbuf_free(m); return 0; + } fatal_f("mux_client_read_packet: %s", strerror(errno)); } fatal_f("master returned unexpected message %u", type); -- 2.47.0