PHP :: Bug #59009 :: Static buffer is freed when using ssh2_auth

Bug #59009	Static buffer is freed when using ssh2_auth_none, causing memory corruption
Submitted:	2009-12-25 10:02 UTC	Modified:	2011-09-21 15:10 UTC
From:	piopawlu at poczta dot onet dot pl	Assigned:
Status:	Closed	Package:	ssh2 (PECL)
PHP Version:	Irrelevant	OS:	Irrelevant
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	piopawlu at poczta dot onet dot pl
New email:
PHP Version:		OS:

New/Additional Comment:

[2009-12-25 10:02 UTC] piopawlu at poczta dot onet dot pl

Description:
------------
As stated in the libssh2 documentation buffer returned from libssh2_userauth_list is handled internally by the library and must not be freed using the efree() method. Freeing this buffer causes internal memory corruption which results in terminating mysql connection for instance and some times a segmentation fault. The efree call should be removed to fix it.

Info about the buffer:
http://www.libssh2.org/libssh2_userauth_list.html

Reproduce code:
---------------
Index: ssh2.c
===================================================================
--- ssh2.c      (wersja 292624)
+++ ssh2.c      (kopia robocza)
@@ -596,7 +596,6 @@
        if (strlen(s)) {
                add_next_index_string(return_value, s, 1);
        }
-       efree(methods);
 }
 /* }}} */

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-09-21 15:10 UTC] bjori@php.net

This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Nov 15 06:00:01 2025 UTC