[PATCH] Potential leak of memory in ssh_packet_read_seqnr()

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

Currently there is a case where ssh_packet_read_seqnr returns without
calling free(setp).

This patch ensures that free gets called before returning.

diff --git a/packet.c b/packet.c
index ad1f6b49..47a1b951 100644
--- a/packet.c
+++ b/packet.c
@@ -1447,8 +1447,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char
*typep, u_int32_t *seqnr_p)
 				break;
 			}
 		}
-		if (r == 0)
-			return SSH_ERR_CONN_TIMEOUT;
+		if (r == 0) {
+			r = SSH_ERR_CONN_TIMEOUT;
+			goto out;
+		}
 		/* Read data from the socket. */
 		len = read(state->connection_in, buf, sizeof(buf));
 		if (len == 0) {
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux