php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59009 Static buffer is freed when using ssh2_auth_none, causing memory corruption
Submitted: 2009-12-25 10:02 UTC Modified: 2011-09-21 15:10 UTC
From: piopawlu at poczta dot onet dot pl Assigned:
Status: Closed Package: ssh2 (PECL)
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
 [2009-12-25 10:02 UTC] piopawlu at poczta dot onet dot pl
Description:
------------
As stated in the libssh2 documentation buffer returned from libssh2_userauth_list is handled internally by the library and must not be freed using the efree() method. Freeing this buffer causes internal memory corruption which results in terminating mysql connection for instance and some times a segmentation fault. The efree call should be removed to fix it.

Info about the buffer:
http://www.libssh2.org/libssh2_userauth_list.html

Reproduce code:
---------------
Index: ssh2.c
===================================================================
--- ssh2.c      (wersja 292624)
+++ ssh2.c      (kopia robocza)
@@ -596,7 +596,6 @@
        if (strlen(s)) {
                add_next_index_string(return_value, s, 1);
        }
-       efree(methods);
 }
 /* }}} */


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-09-21 15:10 UTC] bjori@php.net
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 17:01:58 2024 UTC