php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59009 Static buffer is freed when using ssh2_auth_none, causing memory corruption
Submitted: 2009-12-25 10:02 UTC Modified: 2011-09-21 15:10 UTC
From: piopawlu at poczta dot onet dot pl Assigned:
Status: Closed Package: ssh2 (PECL)
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: piopawlu at poczta dot onet dot pl
New email:
PHP Version: OS:

 

 [2009-12-25 10:02 UTC] piopawlu at poczta dot onet dot pl
Description:
------------
As stated in the libssh2 documentation buffer returned from libssh2_userauth_list is handled internally by the library and must not be freed using the efree() method. Freeing this buffer causes internal memory corruption which results in terminating mysql connection for instance and some times a segmentation fault. The efree call should be removed to fix it.

Info about the buffer:
http://www.libssh2.org/libssh2_userauth_list.html

Reproduce code:
---------------
Index: ssh2.c
===================================================================
--- ssh2.c      (wersja 292624)
+++ ssh2.c      (kopia robocza)
@@ -596,7 +596,6 @@
        if (strlen(s)) {
                add_next_index_string(return_value, s, 1);
        }
-       efree(methods);
 }
 /* }}} */


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-09-21 15:10 UTC] bjori@php.net
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.


 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Tue Dec 01 09:01:24 2020 UTC