Hi folks,
I was experimenting libssh and I faced an issue when implementing a client application using 0.6.3 and Openssl. Meanwhile the server (I had also implemented) worked fine, my client was not releasing chunks of memory. After some days of painstakingly debugging, I realized that pki_signature_from_blob (reached only by the client-side) was not releasing memory correctly. After analizing the function, I found that DSA_SIG_new() and ECDSA_SIG_new() alloc the bignumbers used to represent the corresponding signatures. However, when using Openssl, the function make_string_bn() allocs bignumbers and overwrites the ones previously allocated by the *_SIG_new() functions. As a workaround, I just "ugly" patched my code to copy bignumbers content (and not overwrite the pointers already allocated). I recommend our crypto experts collaborators to check this issue. And thank you for the excellent work! Tiago Alves painstakingly debugging
