HomeFreeBSD

sftp: avoid leaking path arg in calls to make_absolute_pwd_glob

Description

sftp: avoid leaking path arg in calls to make_absolute_pwd_glob

As Coverity reports:

Overwriting tmp in tmp = make_absolute_pwd_glob(tmp, remote_path)
leaks the storage that tmp points to.

Consume the first arg in make_absolute_pwd_glob, and add xstrdup() to
the one case which did not assign to the same variable that was passed
in. With this change make_absolute() and make_absolute_pwd_glob() have
the same semantics with respect to freeing the input string.

This change was reported to OpenSSH in
https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-November/040497.html
[and was later adopted upstream].

Reported by: Coverity Scan
CID: 1500409
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37253

(cherry picked from commit 69c72a57af843267b220f8367c4cc7162a12d696)
(cherry picked from commit 533a942a213c9e852265f94d27f1e9768294eaa6)

Details

Provenance
emasteAuthored on Nov 3 2022, 5:17 PM
Reviewer
markj
Differential Revision
D37253: sftp: avoid leaking path arg in calls to make_absolute_pwd_glob
Parents
rG77d002b9cbf4: ssh: fix leak and apply style(9) to hostname canonicalization
Branches
Unknown
Tags
Unknown