cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Bugs in ssh.c

From: James Housley <jim_at_thehousleys.net>
Date: Wed, 18 Jul 2007 12:52:32 -0400

On Jul 17, 2007, at 8:21 AM, Daniel Johnson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I found a couple of bugs in ssh.c. In two instances after calls to
> libssh2_session_last_error, Curl_safefree is being called on
> err_msg pointers returned by those calls. However, since 0 is being
> passed to libssh2_session_last_error as the want_buf parameter,
> libssh2 owns that pointer, not libcurl. This causes curl to crash
> during tests 613 and 614 during my autobuilds. The solution is to
> remove the Curl_safefree calls. I've included the patch below.
> Tests 613 and 614 still fail for me (in fact most of the 6xx tests
> fail) but that seems to be a separate issue. This patch does stop
> the crashing, however.
>
> Daniel Johnson
>
> Index: lib/ssh.c
> ===================================================================
> RCS file: /cvsroot/curl/curl/lib/ssh.c,v
> retrieving revision 1.62
> diff -u -r1.62 ssh.c
> - --- lib/ssh.c 14 Jul 2007 15:59:01 -0000 1.62
> +++ lib/ssh.c 17 Jul 2007 12:11:08 -0000
> @@ -1643,7 +1643,6 @@
> &err_msg, NULL, 0);
> err = libssh2_session_error_to_CURLE(ssh_err);
> failf(conn->data, "%s", err_msg);
> - - Curl_safefree(err_msg);
> state(conn, SSH_SCP_CHANNEL_FREE);
> sshc->actualCode = err;
> break;
> @@ -1686,7 +1685,6 @@
> &err_msg, NULL, 0);
> err = libssh2_session_error_to_CURLE(ssh_err);
> failf(conn->data, "%s", err_msg);
> - - Curl_safefree(err_msg);
> state(conn, SSH_SCP_CHANNEL_FREE);
> sshc->actualCode = err;
> break;
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (Darwin)
> Comment: http://homepage.mac.com/danielj7/publickey.txt
>
> iD8DBQFGnLRT4sDFGYouOqARAk3dAJ4iDMYRTDBesLypY//Qxw5AWwu/3gCeL+6A
> Yv8KNfPQx3lIYt6if2X1JbY=
> =SegM
> -----END PGP SIGNATURE-----

With this patch I get memory leaks on 605

Jim

--
/"\   ASCII Ribbon Campaign  .
\ / - NO HTML/RTF in e-mail  .
  X  - NO Word docs in e-mail .
/ \ -----------------------------------------------------------------
                      http://www.FreeBSD.org     The Power to Serve
jim@TheHousleys.Net  http://www.TheHousleys.net
---------------------------------------------------------------------
Do not meddle in the affairs of dragons, for you are crunchy and taste
     good with ketchup.
Received on 2007-07-18