On 10/2/14, 11:10 AM, [email protected] wrote:
> pki_signature_from_blob (reached only by the client-side) was not releasing
> memory correctly.
>
> After analyzing the function, I found that DSA_SIG_new() and ECDSA_SIG_new()
> alloc the bignumbers used to represent the corresponding signatures.

I was able to reproduce the leak with ECDSA_SIG_new. I've filed https://red.libssh.org/issues/175 to track fixing this. In that bug is a patch that fixes the ECDSA_SIG_new leak if you're using LIBCRYPTO (it would need more work for a LIBGCRYPT build). I was not able to reproduce any leak with the DSA_SIG_new usage, though.

-Jon
