Subject: [libssh2] #300: Memory leak in kex.c

[libssh2] #300: Memory leak in kex.c

From: libssh2 Trac <>
Date: Fri, 03 Apr 2015 12:08:59 -0000

#300: Memory leak in kex.c
 Reporter: ElectronShepherd | Owner:
     Type: defect | Status: new
 Priority: normal | Milestone: 1.5.0
Component: crypto | Version: 1.5.0
 Keywords: memory leak | Blocked By:
   Blocks: |
 I'm picking up a memory leak in kex.c, line 205. The code is:

         session->server_hostkey =
             LIBSSH2_ALLOC(session, session->server_hostkey_len);


 For some execution paths, session->server_hostkey is already allocated, so
 when the contents of the pointer are replaced, there's a leak.

 Oddly, I found it while SSHing into a Synology device, and it's fully
 repeatable. What's strange is that I don't get the leak when connecting to
 a "proper" Linux install such as Debian 7.

 For now, my workaround is to add

             if (session->server_hostkey) {
                     LIBSSH2_FREE(session, session->server_hostkey);


 just above the leaking call, but that doesn't seem like the most reliable
 solution to me, since it seems like the code is reusing a session which
 hasn't been cleared properly, and there's probably more cleanup that
 should be done against the session.

Ticket URL: <>
libssh2 <>
C library for writing portable SSH2 clients
Received on 2015-04-03