https://bugzilla.mindrot.org/show_bug.cgi?id=3189
Bug ID: 3189
Summary: channel mux_ctx memory leak
Product: Portable OpenSSH
Version: 8.3p1
Hardware: ix86
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component: ssh
Assignee: unassigned-bugs@mindrot.org
Reporter: sergiy.lozovsky@gmail.com
mux_ctx is allocated at mux_master_read_cb() but not freed.
This can cause ssh process memory leak when multiplexing is used.
Steps to reproduce:
- Create ControlMaster
$ ./ssh -o ControlPath=~/.ssh/mux -o ControlMaster=yes -N -n
localhost
- Use multiplexing
$ while true; do ./ssh -o ControlPath=~/.ssh/mux localhost true;
done
- Watch RSS of ssh process
[eiichi at build-c7 ~]$ LANG=C pidstat -r -p 62937 10 60
Linux 3.10.0-1062.9.1.el7.x86_64 (build-c7) 05/21/20
_x86_64_ (8 CPU)
08:20:50 PID minflt/s majflt/s VSZ RSS %MEM
Command
08:21:00 62937 0.40 0.00 128032 2920 0.04 ssh
08:21:10 62937 0.30 0.00 128164 2920 0.04 ssh
08:21:20 62937 0.40 0.00 128164 2920 0.04 ssh
08:21:30 62937 0.50 0.00 128164 2920 0.04 ssh
08:21:40 62937 0.40 0.00 128164 2920 0.04 ssh
08:21:50 62937 0.40 0.00 128164 2920 0.04 ssh
08:22:00 62937 0.40 0.00 128164 2920 0.04 ssh
08:22:10 62937 0.40 0.00 128164 2920 0.04 ssh
08:22:20 62937 0.40 0.00 128164 2920 0.04 ssh
08:22:30 62937 0.40 0.00 128292 3068 0.04 ssh
08:22:40 62937 0.30 0.00 128292 3068 0.04 ssh
08:22:50 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:00 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:10 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:20 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:30 62937 0.30 0.00 128292 3068 0.04 ssh
08:23:40 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:50 62937 0.40 0.00 128292 3068 0.04 ssh
08:24:00 62937 0.40 0.00 128420 3196 0.04 ssh
08:24:10 62937 0.40 0.00 128420 3196 0.04 ssh
08:24:20 62937 0.40 0.00 128420 3196 0.04 ssh
Fix:
diff --git a/channels.c b/channels.c
index 95a51e2..74b3cec 100644
--- a/channels.c
+++ b/channels.c
@@ -621,6 +621,8 @@ channel_free(struct ssh *ssh, Channel *c)
c->path = NULL;
free(c->listening_addr);
c->listening_addr = NULL;
+ free(c->mux_ctx);
+ c->mux_ctx = NULL;
while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
if (cc->abandon_cb != NULL)
cc->abandon_cb(ssh, c, cc->ctx);
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
Bug ID: 3189
Summary: channel mux_ctx memory leak
Product: Portable OpenSSH
Version: 8.3p1
Hardware: ix86
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component: ssh
Assignee: unassigned-bugs@mindrot.org
Reporter: sergiy.lozovsky@gmail.com
mux_ctx is allocated at mux_master_read_cb() but not freed.
This can cause ssh process memory leak when multiplexing is used.
Steps to reproduce:
- Create ControlMaster
$ ./ssh -o ControlPath=~/.ssh/mux -o ControlMaster=yes -N -n
localhost
- Use multiplexing
$ while true; do ./ssh -o ControlPath=~/.ssh/mux localhost true;
done
- Watch RSS of ssh process
[eiichi at build-c7 ~]$ LANG=C pidstat -r -p 62937 10 60
Linux 3.10.0-1062.9.1.el7.x86_64 (build-c7) 05/21/20
_x86_64_ (8 CPU)
08:20:50 PID minflt/s majflt/s VSZ RSS %MEM
Command
08:21:00 62937 0.40 0.00 128032 2920 0.04 ssh
08:21:10 62937 0.30 0.00 128164 2920 0.04 ssh
08:21:20 62937 0.40 0.00 128164 2920 0.04 ssh
08:21:30 62937 0.50 0.00 128164 2920 0.04 ssh
08:21:40 62937 0.40 0.00 128164 2920 0.04 ssh
08:21:50 62937 0.40 0.00 128164 2920 0.04 ssh
08:22:00 62937 0.40 0.00 128164 2920 0.04 ssh
08:22:10 62937 0.40 0.00 128164 2920 0.04 ssh
08:22:20 62937 0.40 0.00 128164 2920 0.04 ssh
08:22:30 62937 0.40 0.00 128292 3068 0.04 ssh
08:22:40 62937 0.30 0.00 128292 3068 0.04 ssh
08:22:50 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:00 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:10 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:20 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:30 62937 0.30 0.00 128292 3068 0.04 ssh
08:23:40 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:50 62937 0.40 0.00 128292 3068 0.04 ssh
08:24:00 62937 0.40 0.00 128420 3196 0.04 ssh
08:24:10 62937 0.40 0.00 128420 3196 0.04 ssh
08:24:20 62937 0.40 0.00 128420 3196 0.04 ssh
Fix:
diff --git a/channels.c b/channels.c
index 95a51e2..74b3cec 100644
--- a/channels.c
+++ b/channels.c
@@ -621,6 +621,8 @@ channel_free(struct ssh *ssh, Channel *c)
c->path = NULL;
free(c->listening_addr);
c->listening_addr = NULL;
+ free(c->mux_ctx);
+ c->mux_ctx = NULL;
while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
if (cc->abandon_cb != NULL)
cc->abandon_cb(ssh, c, cc->ctx);
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs