0849e44220
Upon SSH_OK, callers of `ssh_dh_keypair_set_keys` expect for ownership of the `priv` and `pub` values to be transferred away and eventually later managed by way of the `struct dh_ctx` at hand. The mbedTLS and gcrypt builds transfer ownership of these values in that way, but the libcrypto `ssh_dh_keypair_set_keys` is copying the given values with `BN_dup`. This causes a memory leak that can be seen with pkd and valgrind: valgrind --leak-check=full \ ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_diffie_hellman_group16_sha512 Fix the leak by replacing the `BN_dup` with direct assignment. Now the bignums will eventually be freed via `ssh_dh_cleanup`. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> |
||
---|---|---|
cmake | ||
doc | ||
examples | ||
include | ||
obj | ||
src | ||
tests | ||
.arcconfig | ||
.gitignore | ||
.gitlab-ci.yml | ||
AUTHORS | ||
BSD | ||
ChangeLog | ||
CMakeLists.txt | ||
CompilerChecks.cmake | ||
config.h.cmake | ||
ConfigureChecks.cmake | ||
COPYING | ||
CPackConfig.cmake | ||
CTestConfig.cmake | ||
DefineOptions.cmake | ||
INSTALL | ||
libssh-config.cmake.in | ||
libssh.pc.cmake | ||
README | ||
README.CodingStyle | ||
README.mbedtls | ||
README.md | ||
SubmittingPatches |
_ _ _ _
(_) (_) (_) (_)
(_) _ (_) _ _ _ _ _ (_) _
(_) (_) (_)(_) _ (_)(_) (_)(_) (_)(_) _
(_) (_) (_) (_) _ (_) _ (_) (_) (_)
(_) (_) (_)(_)(_) (_)(_) (_)(_) (_) (_).org
The SSH library
Why?
Why not ? :) I've began to work on my own implementation of the ssh protocol because i didn't like the currently public ones. Not any allowed you to import and use the functions as a powerful library, and so i worked on a library-based SSH implementation which was non-existing in the free and open source software world.
How/Who?
If you downloaded this file, you must know what it is : a library for accessing ssh client services through C libraries calls in a simple manner. Everybody can use this software under the terms of the LGPL - see the COPYING file
If you ask yourself how to compile libssh, please read INSTALL before anything.
Where ?
Contributing
Please read the file 'SubmittingPatches' next to this README file. It explains our copyright policy and how you should send patches for upstream inclusion.
Have fun and happy libssh hacking!
The libssh Team