Memory leak, make_absolute_pwd_glob
We had one more report from Coverity Scan after we brought 9.1p1 into
the FreeBSD base system. It complains that calls like "path1 =
make_absolute_pwd_glob(path1, *pwd);" in sftp.c leak the allocation.

All make_absolute_pwd_glob() calls but one are of that form, so
perhaps have it consume and free the first arg, as below (and
https://reviews.freebsd.org/D37253)?

diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.cindex
c3c347e087e4..630e7773af75 100644
--- a/crypto/openssh/sftp.c
+++ b/crypto/openssh/sftp.c
@@ -621,14 +621,14 @@ escape_glob(const char *s)
}

static char *
-make_absolute_pwd_glob(const char *p, const char *pwd)
+make_absolute_pwd_glob(char *p, const char *pwd)
{
char *ret, *escpwd;

escpwd = escape_glob(pwd);
if (p == NULL)
return escpwd;
- ret = make_absolute(xstrdup(p), escpwd);
+ ret = make_absolute(p, escpwd);
free(escpwd);
return ret;
}
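Review bot: The new ownership rule for `p` in make_absolute_pwd_glob() is not documented anywhere in this hunk; the only signal is the change from `const char *p` to `char *p`. Add a comment above the function saying that a non-NULL `p` is handed to make_absolute() and must not be used or freed by the caller afterwards, and that callers holding a `const` or borrowed string must pass a copy. The `p == NULL` early return is unaffected, since there is nothing to consume on that path.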
@@ -641,7 +641,7 @@ process_get(struct sftp_conn *conn, const char
*src, const char *dst,
glob_t g;
int i, r, err = 0;

- abs_src = make_absolute_pwd_glob(src, pwd);
+ abs_src = make_absolute_pwd_glob(xstrdup(src), pwd);
memset(&g, 0, sizeof(g));

debug3("Looking up %s", abs_src);
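Review bot: In process_get() the `xstrdup(src)` is needed because `src` is `const char *` and still belongs to the caller, but this is the only call site the patch shows. With ownership now moving into make_absolute_pwd_glob(), every other caller should be checked in the same review: any that passes a pointer it later frees or reuses would turn the fixed leak into a double free or use-after-free. Confirm that the remaining callers all have the `path1 = make_absolute_pwd_glob(path1, *pwd);` form described in the message, where the old pointer is overwritten by the result.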
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Memory leak, make_absolute_pwd_glob
On Fri, 11 Nov 2022 at 11:05, Ed Maste <emaste@freebsd.org> wrote:
>
> We had one more report from Coverity Scan after we brought 9.1p1 into
> the FreeBSD base system. It complains that calls like "path1 =
> make_absolute_pwd_glob(path1, *pwd);" in sftp.c leak the allocation.

I see this same issue has since been reported by Coverity upstream and
fixed in 36c6c3eff5e4, but that change still missed all of the other
leaks addressed by my change.

Updated patch in https://reviews.freebsd.org/D37253
Re: Memory leak, make_absolute_pwd_glob
On Wed, 22 Mar 2023 at 06:14, Ed Maste <emaste@freebsd.org> wrote:
[...]
> I see this same issue has since been reported by Coverity upstream and
> fixed in 36c6c3eff5e4, but that change still missed all of the other
> leaks addressed by my change.

Applied, thanks. Interestingly our shiny new Coverity scan did not
report any fixed leaks, though.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Re: Memory leak, make_absolute_pwd_glob
On Tue, 28 Mar 2023 at 04:27, Darren Tucker <dtucker@dtucker.net> wrote:
>
> Applied, thanks. Interestingly our shiny new Coverity scan did not
> report any fixed leaks, though.

Great, thanks.

Coverity generally does pretty well but I have noticed it sometimes
reports only one instance of a general problem or similar cases of
failing to report something I'd expect.