From fcc66557503124ab98491a598b706a24eb3cf0e1 Mon Sep 17 00:00:00 2001 From: Antonio Larrosa Date: Mon, 12 Aug 2024 11:32:42 +0200 Subject: [PATCH] Fix a small memory leak in process_server_config_line_depth The return value of argv_assemble is owned by the caller and should be free'd. When processing the sSubsystem case there are two calls to argv_assemble but only one of them is freed. This patch fixes the small (29 bytes according to valgrind) memory leak. The output from valgrind: ==115369== 29 bytes in 1 blocks are definitely lost in loss record 573 of 913 ==115369== at 0x4845794: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==115369== by 0x124A22: argv_assemble (misc.c:2165) ==115369== by 0x1385E5: process_server_config_line_depth.constprop.0 (servconf.c:2004) ==115369== by 0x13984D: parse_server_config_depth.constprop.0 (servconf.c:3032) ==115369== by 0x139986: parse_server_config.constprop.0 (servconf.c:3049) ==115369== by 0x111C6E: main (sshd.c:1445) Submitted to upstream at https://github.com/openssh/openssh-portable/pull/515 --- servconf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/servconf.c b/servconf.c index 5a20d6f8..0b989b95 100644 --- a/servconf.c +++ b/servconf.c @@ -2006,6 +2006,7 @@ process_server_config_line_depth(ServerOptions *options, char *line, xasprintf(&options->subsystem_args[options->num_subsystems], "%s%s%s", arg, *arg2 == '\0' ? "" : " ", arg2); free(arg2); + free(arg); argv_consume(&ac); options->num_subsystems++; break; -- 2.45.2