Skip to content

SSHD/Echoserver: Fix memory leaks and public-key lookup#1071

Open
stenslae wants to merge 1 commit into
wolfSSL:masterfrom
stenslae:patch/auth-bugfixes
Open

SSHD/Echoserver: Fix memory leaks and public-key lookup#1071
stenslae wants to merge 1 commit into
wolfSSL:masterfrom
stenslae:patch/auth-bugfixes

Conversation

@stenslae

Copy link
Copy Markdown
Member

Fixed: Memory leaks, multiple public-key lookups per user in the echoserver, and authentication privilege errors.

  • internal.c in internal.c: Fixed a memory leak where RSA/ECC keys in signature blocks were leaked if they matched X.509 format IDs instead of standard SSH format IDs.
  • auth.c: Freed promptData.prompts and promptData.promptLengths on allocation failure pathways.
  • echoserver.c: Fixed a copy-paste error and added cleanups on allocations failure.
  • Key Hash Lookup Correctness: Updated wsUserAuth in echoserver.c to traverse all
    registered public keys for a matching user name instead of immediately returning an invalid
    key error on the first hash mismatch.
  • Stack Buffer Cleanup: Freed keyLoadBuf under WOLFSSH_SMALL_STACK configurations for all early exit paths inside echoserver_test.
  • auth.c: Returns success immediately if privilege separation is explicitly disabled.
  • auth.c: Limits changing target user/group identifiers to environments where privilege separation or sandboxing is active.

@stenslae stenslae self-assigned this Jun 29, 2026

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #1071

Scan targets checked: wolfssh-bugs, wolfssh-src

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread examples/echoserver/echoserver.c
Comment thread examples/echoserver/echoserver.c

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #1071

Scan targets checked: wolfssh-bugs, wolfssh-src

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread examples/echoserver/echoserver.c
Comment thread examples/echoserver/echoserver.c

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #1071

Scan targets checked: wolfssh-bugs, wolfssh-src

No new issues found in the changed files. ✅

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #1071

Scan targets checked: wolfssh-bugs, wolfssh-src

No new issues found in the changed files. ✅

@stenslae stenslae removed their assignment Jul 7, 2026

@aidangarske aidangarske left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🐺 Skoll Code Review

Overall recommendation: COMMENT
Findings: 3 total — 3 posted, 0 skipped

Posted findings

  • [Medium] Privilege-separation permission behavior lacks regression testsapps/wolfsshd/auth.c:1853-1961
  • [Medium] Multiple public-key lookup fix has no regression coverageexamples/echoserver/echoserver.c:2677-2727
  • [Low] New bare scope block violates local C conventionapps/wolfsshd/auth.c:1952-1974

Review generated by Skoll.

Comment thread apps/wolfsshd/auth.c
Comment thread examples/echoserver/echoserver.c
Comment thread apps/wolfsshd/auth.c
@aidangarske aidangarske assigned stenslae and unassigned wolfSSL-Bot Jul 9, 2026
@stenslae stenslae force-pushed the patch/auth-bugfixes branch from 7958c10 to 7337100 Compare July 13, 2026 19:00
@stenslae stenslae assigned wolfSSL-Bot and unassigned stenslae Jul 13, 2026
@stenslae stenslae requested review from wolfSSL-Fenrir-bot and removed request for wolfSSL-Fenrir-bot July 13, 2026 21:25

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #1071

Scan targets checked: wolfssh-bugs, wolfssh-src

No new issues found in the changed files. ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants