PHP :: Bug #59009 :: Static buffer is freed when using ssh2_auth

Bug #59009	Static buffer is freed when using ssh2_auth_none, causing memory corruption
Submitted:	2009-12-25 10:02 UTC	Modified:	2011-09-21 15:10 UTC
From:	piopawlu at poczta dot onet dot pl	Assigned:
Status:	Closed	Package:	ssh2 (PECL)
PHP Version:	Irrelevant	OS:	Irrelevant
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2009-12-25 10:02 UTC] piopawlu at poczta dot onet dot pl

Description:
------------
As stated in the libssh2 documentation buffer returned from libssh2_userauth_list is handled internally by the library and must not be freed using the efree() method. Freeing this buffer causes internal memory corruption which results in terminating mysql connection for instance and some times a segmentation fault. The efree call should be removed to fix it.

Info about the buffer:
http://www.libssh2.org/libssh2_userauth_list.html

Reproduce code:
---------------
Index: ssh2.c
===================================================================
--- ssh2.c      (wersja 292624)
+++ ssh2.c      (kopia robocza)
@@ -596,7 +596,6 @@
        if (strlen(s)) {
                add_next_index_string(return_value, s, 1);
        }
-       efree(methods);
 }
 /* }}} */

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-09-21 15:10 UTC] bjori@php.net

This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 08:01:30 2024 UTC