Bug 3403

Summary: Memory leak
Product: Portable OpenSSH
Reporter: balu <balu.gajjala>
Component: scp
Assignee: Damien Miller <djm>
Status: CLOSED FIXED
Severity: enhancement
CC: djm, dtucker
Priority: P5
Version: 8.9p1
Hardware: Other
OS: Windows 10
Bug Depends on:
Bug Blocks: 3395
Attachments:
Description: use freeargs(), more addargs(), etc paranoia
Flags: dtucker: ok+

Description balu 2022-03-12 12:35:30 AEDT
In the else loop, the args.list is set to NULL without releasing memory, resulting in a memory leak.

static struct sftp_conn *
do_sftp_connect(char *host, char *user, int port, char *sftp_direct,
   int *reminp, int *remoutp, int *pidp)
{
	if (sftp_direct == NULL) {
		if (do_cmd(ssh_program, host, user, port, 1, "sftp",
		    reminp, remoutp, pidp) < 0)
			return NULL;

	} else {
		args.list = NULL;
		addargs(&args, "sftp-server");
		if (do_cmd(sftp_direct, host, NULL, -1, 0, "sftp",
		    reminp, remoutp, pidp) < 0)
			return NULL;
	}
	return do_init(*reminp, *remoutp, 32768, 64, limit_kbps);
}

Comment 1 Damien Miller 2022-03-18 13:52:08 AEDT
Created attachment 3585
use freeargs(), more addargs(), etc paranoia

Comment 2 Damien Miller 2022-03-21 12:59:01 AEDT
Thanks - fix has been applied and will be in OpenSSH 9.0


commit 16ea8b85838dd7a4dbeba4e51ac4f43fd68b1e5b (HEAD -> master, origin/master, origin/HEAD)
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Mar 20 08:52:17 2022 +0000

    upstream: don't leak argument list; bz3404, reported by Balu
    
    Gajjala ok dtucker@
    
    OpenBSD-Commit-ID: fddc32d74e5dd5cff1a49ddd6297b0867eae56a6

Comment 3 Damien Miller 2022-10-04 21:58:04 AEDT
Closing bugs from OpenSSH 9.1 release cycle
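
The leak described in the report, next to the freeargs() reset named in the attachment title, as an added example that is not OpenSSH code. The arglist here is a simplified stand-in (plain-string addargs(), an allocation counter, constructed sample arguments), all of which are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified stand-in for OpenSSH's arglist helpers; not the project's code. */
struct arglist { char **list; unsigned int num, nalloc; };
static long live_allocs;                 /* heap blocks not yet released */
static void *xalloc(void *p, size_t n) { /* counting realloc wrapper */
	if (p == NULL) live_allocs++;        /* NULL input means a new block */
	if ((p = realloc(p, n)) == NULL) abort();
	return p;
}
static void addargs(struct arglist *a, const char *s) {
	if (a->list == NULL) {               /* fresh list: reset bookkeeping */
		a->num = 0; a->nalloc = 4;
		a->list = xalloc(NULL, a->nalloc * sizeof(char *));
	} else if (a->num + 2 > a->nalloc) { /* keep room for the NULL terminator */
		a->nalloc *= 2;
		a->list = xalloc(a->list, a->nalloc * sizeof(char *));
	}
	a->list[a->num] = strcpy(xalloc(NULL, strlen(s) + 1), s);
	a->list[++a->num] = NULL;
}
static void freeargs(struct arglist *a) {
	for (unsigned int i = 0; a->list != NULL && i < a->num; i++, live_allocs--)
		free(a->list[i]);
	if (a->list != NULL) { free(a->list); live_allocs--; }
	a->list = NULL; a->num = a->nalloc = 0;
}
/* Blocks still allocated after resetting a populated list (constructed args). */
static long leaked_after_reset(int use_freeargs) {
	struct arglist args = {0}, orphan = {0};
	live_allocs = 0;
	addargs(&args, "ssh"); addargs(&args, "-x"); addargs(&args, "-4");
	if (use_freeargs) {
		freeargs(&args);                 /* release strings and array first */
	} else {
		orphan = args;                   /* demo-only handle for cleanup */
		args.list = NULL;                /* pattern from the report */
	}
	addargs(&args, "sftp-server");
	freeargs(&args);                     /* can only release the new list */
	long leaked = live_allocs;           /* 3 strings + 1 array when leaked */
	freeargs(&orphan);                   /* no-op unless orphaned above */
	return leaked;
}
int main(void) {
	printf("NULL reset: %ld, freeargs: %ld\n", leaked_after_reset(0), leaked_after_reset(1));
	return 0;
}
```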