[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] config: fix memory leak with repeated opcodes

[Thread Prev] | [Thread Next]

[Date Prev] | [Date Next]

Subject: [PATCH] config: fix memory leak with repeated opcodes
From: Jon Simons <jon@xxxxxxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Sat, 9 Sep 2017 20:11:47 -0700
To: libssh@xxxxxxxxxx
Cc: Jon Simons <jon@xxxxxxxxxxxxx>

Fix a memory leak in the path where parsing returns early due
to seeing a repeated opcode.  A testcase is added which
demonstrates the leak and fix with valgrind.

Resolves CID 1374267.

Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
 src/config.c                     |  1 +
 tests/unittests/torture_config.c | 21 ++++++++++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/config.c b/src/config.c
index 42148df7..25d64998 100644
--- a/src/config.c
+++ b/src/config.c
@@ -251,6 +251,7 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
   opcode = ssh_config_get_opcode(keyword);
   if (*parsing == 1 && opcode != SOC_HOST && opcode != SOC_UNSUPPORTED && opcode != SOC_INCLUDE) {
       if (seen[opcode] != 0) {
+          SAFE_FREE(x);
           return 0;
       }
       seen[opcode] = 1;
diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
index 8be0334c..d5748012 100644
--- a/tests/unittests/torture_config.c
+++ b/tests/unittests/torture_config.c
@@ -6,6 +6,7 @@
 #define LIBSSH_TESTCONFIG1 "libssh_testconfig1.tmp"
 #define LIBSSH_TESTCONFIG2 "libssh_testconfig2.tmp"
 #define LIBSSH_TESTCONFIG3 "libssh_testconfig3.tmp"
+#define LIBSSH_TESTCONFIG4 "libssh_testconfig4.tmp"
 
 #define USERNAME "testuser"
 #define PROXYCMD "ssh -q -W %h:%p gateway.example.com"
@@ -18,6 +19,7 @@ static int setup_config_files(void **state)
     unlink(LIBSSH_TESTCONFIG1);
     unlink(LIBSSH_TESTCONFIG2);
     unlink(LIBSSH_TESTCONFIG3);
+    unlink(LIBSSH_TESTCONFIG4);
 
     torture_write_file(LIBSSH_TESTCONFIG1,
                        "User "USERNAME"\nInclude "LIBSSH_TESTCONFIG2"\n\n");
@@ -27,6 +29,10 @@ static int setup_config_files(void **state)
     torture_write_file(LIBSSH_TESTCONFIG3,
                        "\n\nIdentityFile "ID_FILE"\n");
 
+    /* Multiple Port settings -> parsing returns early. */
+    torture_write_file(LIBSSH_TESTCONFIG4,
+                       "Port 123\nPort 456\n");
+
     session = ssh_new();
     *state = session;
 
@@ -38,6 +44,7 @@ static int teardown(void **state)
     unlink(LIBSSH_TESTCONFIG1);
     unlink(LIBSSH_TESTCONFIG2);
     unlink(LIBSSH_TESTCONFIG3);
+    unlink(LIBSSH_TESTCONFIG4);
 
     ssh_free(*state);
 
@@ -46,7 +53,7 @@ static int teardown(void **state)
 
 
 /**
- * @brief tests the privatekey_from_file function with passphrase
+ * @brief tests ssh_config_parse_file with Include directives
  */
 static void torture_config_from_file(void **state) {
     ssh_session session = *state;
@@ -78,12 +85,24 @@ static void torture_config_from_file(void **state) {
 
 }
 
+/**
+ * @brief tests ssh_config_parse_file with multiple Port settings.
+ */
+static void torture_config_double_ports(void **state) {
+    ssh_session session = *state;
+    int ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG4);
+    assert_true(ret == 0);
+}
+
 int torture_run_tests(void) {
     int rc;
     struct CMUnitTest tests[] = {
         cmocka_unit_test_setup_teardown(torture_config_from_file,
                                         setup_config_files,
                                         teardown),
+        cmocka_unit_test_setup_teardown(torture_config_double_ports,
+                                        setup_config_files,
+                                        teardown),
     };
 
 
-- 
2.14.1

Archive administrator: postmaster@lists.cynapses.org