Bug 3539

Summary:

sshbuf memory leak in recv_rexec_state()

Product:

Portable OpenSSH

Reporter:

Michael Rash <mbr>

Component:

sshd

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

NEW ---

Severity:

normal

CC:

mbr

Priority:

Version:

9.1p1

Hardware:

All

OS:

All

Attachments:

Description	Flags
fix sshbuf memory leak in recv_rexec_state()	none
fix sshbuf memory leak in recv_rexec_state()	none

Description Michael Rash 2023-02-14 01:05:57 AEDT

Created attachment 3671 [details]
fix sshbuf memory leak in recv_rexec_state()

In recv_rexec_state() the sshbuf 'inc' is not free'd before returning. The attached trivial patch fixes this, and matches the behavior of send_rexec_state() which does free a similarly allocated buffer of the same name.

Comment 1 Michael Rash 2023-02-14 01:19:56 AEDT

Created attachment 3672 [details]
fix sshbuf memory leak in recv_rexec_state()

Here is a patch with tabs instead of spaces to align with coding style.

Comment 2 Michael Rash 2023-02-14 01:21:17 AEDT

(In reply to Michael Rash from comment #1)
> Created attachment 3672 [details]
> fix sshbuf memory leak in recv_rexec_state()
> 
> Here is a patch with tabs instead of spaces to align with coding
> style.

In recv_rexec_state() the sshbuf 'inc' is not free'd before returning. The attached trivial patch fixes this, and matches the behavior of send_rexec_state() which does free a similarly allocated buffer of the same name.