Bug 2942

Summary:

minor memory leak in ssh_set_newkeys()

Product:

Portable OpenSSH

Reporter:

Markus <markus>

Component:

ssh

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

CLOSED FIXED

Severity:

trivial

CC:

ahmedsayeed1982, djm

Priority:

Version:

7.9p1

Hardware:

All

OS:

Mac OS X

Attachments:

Description	Flags
patch to fix memory leak (proposal 1).	none

Description Markus 2018-12-07 21:19:40 AEDT

During initialization there a memory leak occurs in 
ssh_set_newkeys().

During startup  ssh_set_newkeys()  is called twice, once with MODE_OUT and once with MODE_IN.

Accordingly the ccp pointer points to state->send_context and state->receive_context

At this time state->newkeys[mode] is stil NULL, so the if-clause ("rekeying") does not apply.

Further down cipher_init(ccp, ) is called.

First thing that cipher_init() does is setting *ccp= NULL;  which is be equivalent to "state->send_context= NULL" (or "state->send_context= NULL").

These point to memory blocks already.
The pointers are lost, the memory leaks. 


Proposal: move 

		cipher_free(*ccp);
		*ccp = NULL;

from the "rekeying" if-clause and place these two lines before calling cipher_init().


Alternately add 

          if (*ccp!=NULL) {
		cipher_free(*ccp);
		*ccp = NULL;
          }

before calling cipher_init().

Comment 1 Markus 2018-12-07 21:23:38 AEDT

Created attachment 3215 [details]
patch to fix memory leak (proposal 1).

Comment 2 Damien Miller 2020-08-28 13:28:43 AEST

This was fixed back in OpenSSH 8.0 last year, but I forgot to update this bug at the time. Thanks!

Comment 3 Damien Miller 2021-04-23 15:03:35 AEST

closing resolved bugs as of 8.6p1 release

Comment 4 Ahmed Sayeed 2021-10-14 01:42:16 AEDT

[spam removed]