Mailing List Archive

Memory leak, make_absolute_pwd_glob
We had one more report from Coverity Scan after we brought 9.1p1 into
the FreeBSD base system. It complains that calls like "path1 =
make_absolute_pwd_glob(path1, *pwd);" in sftp.c leak the allocation.

All make_absolute_pwd_glob() calls but one are of that form, so
perhaps have it consume and free the first arg, as below (and
https://reviews.freebsd.org/D37253)?

diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.cindex
c3c347e087e4..630e7773af75 100644
--- a/crypto/openssh/sftp.c
+++ b/crypto/openssh/sftp.c
@@ -621,14 +621,14 @@ escape_glob(const char *s)
}

static char *
-make_absolute_pwd_glob(const char *p, const char *pwd)
+make_absolute_pwd_glob(char *p, const char *pwd)
{
char *ret, *escpwd;

escpwd = escape_glob(pwd);
if (p == NULL)
return escpwd;
- ret = make_absolute(xstrdup(p), escpwd);
+ ret = make_absolute(p, escpwd);
free(escpwd);
return ret;
}
@@ -641,7 +641,7 @@ process_get(struct sftp_conn *conn, const char
*src, const char *dst,
glob_t g;
int i, r, err = 0;

- abs_src = make_absolute_pwd_glob(src, pwd);
+ abs_src = make_absolute_pwd_glob(xstrdup(src), pwd);
memset(&g, 0, sizeof(g));

debug3("Looking up %s", abs_src);
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev