forked from openssh/openssh-portable
Memory leaks in oqs ecdh path #150
I see two memory leaks present in the current code. To set up reproduction:

- `./oqs-scripts/clone_liboqs.sh`
- `./oqs-scripts/build_liboqs.sh`
- `./oqs-scripts/build_openssh.sh` (requires openssl 3.x in the usual place)
- `oqs-test/run_tests.sh` (populates `/regress` repo with useful things)
- Modify `sshd_config` to listen on `22222`.
- Start server:

Leak 1

`kex_ecdh_dec_key_group` allocates new memory and saves a reference in `*shared_secretp`. The function is called twice:

`sshbuf_putb` does not free `ecdh_shared_secret`, even if fully consumed. Hence, memory leaks at function exit.

Trace with valgrind

Leak 2

`EC_KEY_new_by_curve_name` returns a pointer to newly allocated memory, referenced by `ecdh_client_key`. On the error path, ownership of the memory referenced by `ecdh_client_key` is not transferred to the caller `kex` and therefore leaks when exiting the function.

Impose deliberate error to trace error path

Trace with valgrind
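
The two ownership mistakes described in this issue, reduced to a self-contained C model. This is an added example, not code from the issue or from OpenSSH: `struct buf`, `buf_putb`, `dec_secret`, `hybrid` and `leaked_after` are hypothetical stand-ins for `sshbuf`, `sshbuf_putb`, `kex_ecdh_dec_key_group` and the calling key-exchange function, and a counter takes the place of the valgrind trace.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct buf { unsigned char *d; size_t len; };  /* constructed stand-in, not sshbuf */
static int live_bufs;                           /* allocated and not yet freed */
static struct buf *buf_new(const char *s) {
    struct buf *b = calloc(1, sizeof(*b));
    if (b == NULL || (b->d = malloc(strlen(s) + 1)) == NULL) { free(b); return NULL; }
    b->len = strlen(s); memcpy(b->d, s, b->len); live_bufs++;
    return b;
}
static void buf_free(struct buf *b) {
    if (b != NULL) { free(b->d); free(b); live_bufs--; }
}
/* Appends a copy of src to dst; like sshbuf_putb in the issue, never frees src. */
static int buf_putb(struct buf *dst, const struct buf *src) {
    unsigned char *d = realloc(dst->d, dst->len + src->len + 1);
    if (d == NULL) return -1;
    memcpy(d + dst->len, src->d, src->len);
    dst->d = d; dst->len += src->len;
    return 0;
}
static int dec_secret(struct buf **outp) {      /* allocates; caller owns *outp */
    return (*outp = buf_new("ecdh-secret")) == NULL ? -1 : 0;
}
/* fix=0 reproduces both leak shapes; fail=1 forces the error path. */
static int hybrid(int fix, int fail, struct buf **keyp) {
    struct buf *key = buf_new("client-key"), *ecdh = NULL, *out = buf_new("");
    int r = -1;
    if (key == NULL || out == NULL || fail) goto done;
    if (dec_secret(&ecdh) != 0 || buf_putb(out, ecdh) != 0) goto done;
    *keyp = key; key = NULL; r = 0;             /* success: caller now owns key */
done:
    buf_free(out);
    if (fix) { buf_free(ecdh); buf_free(key); } /* release what was not handed over */
    return r;
}
/* Buffers still allocated after one call, once the caller has freed its key. */
static int leaked_after(int fix, int fail) {
    struct buf *key = NULL;
    int before = live_bufs;
    (void)hybrid(fix, fail, &key);
    buf_free(key);
    return live_bufs - before;
}
int main(void) {
    for (int i = 0; i < 4; i++)
        printf("fix=%d fail=%d leaked=%d\n", i / 2, i % 2, leaked_after(i / 2, i % 2));
    return 0;
}
```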