Bug 3403 - Memory leak
Summary: Memory leak
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: scp
Version: 8.9p1
Hardware: Other Windows 10
Importance: P5 enhancement
Assignee: Damien Miller
Blocks: V_9_0
Reported: 2022-03-12 12:35 AEDT by balu
Modified: 2022-10-04 21:58 AEDT


Attachments
use freeargs(), more addargs(), etc paranoia (2.07 KB, patch)
2022-03-18 13:52 AEDT, Damien Miller
dtucker: ok+

Description balu 2022-03-12 12:35:30 AEDT
In the else loop, the args.list is set to NULL without releasing memory, resulting in a memory leak.

static struct sftp_conn *
do_sftp_connect(char *host, char *user, int port, char *sftp_direct,
   int *reminp, int *remoutp, int *pidp)
{
	if (sftp_direct == NULL) {
		if (do_cmd(ssh_program, host, user, port, 1, "sftp",
		    reminp, remoutp, pidp) < 0)
			return NULL;

	} else {
		args.list = NULL;
		addargs(&args, "sftp-server");
		if (do_cmd(sftp_direct, host, NULL, -1, 0, "sftp",
		    reminp, remoutp, pidp) < 0)
			return NULL;
	}
	return do_init(*reminp, *remoutp, 32768, 64, limit_kbps);
}
Comment 1 Damien Miller 2022-03-18 13:52:08 AEDT
Created attachment 3585
use freeargs(), more addargs(), etc paranoia
Comment 2 Damien Miller 2022-03-21 12:59:01 AEDT
Thanks - fix has been applied and will be in OpenSSH 9.0


commit 16ea8b85838dd7a4dbeba4e51ac4f43fd68b1e5b (HEAD -> master, origin/master, origin/HEAD)
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Mar 20 08:52:17 2022 +0000

    upstream: don't leak argument list; bz3404, reported by Balu
    
    Gajjala ok dtucker@
    
    OpenBSD-Commit-ID: fddc32d74e5dd5cff1a49ddd6297b0867eae56a6
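
Added example (not part of the bug report or of the OpenSSH source): a small C model of the pattern reported above, comparing a reset by `args.list = NULL` with a reset through `freeargs()`, the helper named in the attachment title. The `arglist` layout, the plain-string `addargs()` signature, the allocation counter and the earlier arguments "ssh" and "-x" are simplified assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified stand-ins for OpenSSH's arglist helpers (assumption, not project code). */
struct arglist { char **list; unsigned num, nalloc; };
static long live;                /* allocations not yet freed */
static void *xgrow(void *p, size_t n) {     /* counted realloc */
    if (p == NULL) live++;
    if ((p = realloc(p, n)) == NULL) abort();
    return p;
}
static void xrelease(void *p) { if (p != NULL) { live--; free(p); } }
static void addargs(struct arglist *a, const char *s) {
    if (a->list == NULL) a->num = a->nalloc = 0;   /* start a fresh list */
    if (a->num + 2 > a->nalloc) {
        a->nalloc = a->nalloc ? a->nalloc * 2 : 8;
        a->list = xgrow(a->list, a->nalloc * sizeof(*a->list));
    }
    char *copy = xgrow(NULL, strlen(s) + 1);
    strcpy(copy, s);
    a->list[a->num++] = copy;
    a->list[a->num] = NULL;                        /* keep argv NULL-terminated */
}

static void freeargs(struct arglist *a) {
    for (unsigned i = 0; a->list != NULL && i < a->num; i++)
        xrelease(a->list[i]);
    xrelease(a->list);
    a->list = NULL; a->num = a->nalloc = 0;
}

/* Returns the number of allocations still outstanding after cleanup. */
static long leaked_after_reset(int use_freeargs) {
    struct arglist args = { NULL, 0, 0 };
    live = 0;
    addargs(&args, "ssh"); addargs(&args, "-x");   /* constructed earlier arguments */
    if (use_freeargs)
        freeargs(&args);                   /* release old list and strings */
    else
        args.list = NULL;                  /* reported pattern: pointer dropped */
    addargs(&args, "sftp-server");
    freeargs(&args);                       /* only the new list is reachable */
    return live;
}

int main(void) {
    printf("NULL reset: %ld leaked, freeargs() reset: %ld leaked\n",
        leaked_after_reset(0), leaked_after_reset(1));
    return 0;
}
```

In this model the NULL reset strands the old pointer array and every string it held, so the amount leaked grows with the number of arguments added before the reset.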
Comment 3 Damien Miller 2022-10-04 21:58:04 AEDT
Closing bugs from OpenSSH 9.1 release cycle