| Summary: | memleak in import_environments | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Arthur Mesh <arthurmesh> | ||||
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> | ||||
| Status: | CLOSED WONTFIX | ||||||
| Severity: | trivial | CC: | djm | ||||
| Priority: | P5 | ||||||
| Version: | 6.1p1 | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Attachments: |
|
||||||
Unfortunately, it's not possible to safely free this here as pam_putenv() is underspecified: it is not guaranteed to either copy the environment it is setting or take over ownership of it. The safest behaviour here is just to accept the one-time leak :( I have added a comment to explain this in auth-pam.c close bugs that were resolved in OpenSSH 8.5 release cycle |
Created attachment 2189 [details] fix Potential fix attached.