On Sun, Mar 02, 2025 at 02:14:40PM +0100, Kirill A. Korinsky wrote: > >Synopsis: ssh(90208) in free(): bogus pointer (double free?) 0x7009398e6f > >Category: ssh > >Environment: > System : OpenBSD 7.6 > Details : OpenBSD 7.6-current (GENERIC.MP) #322: Sat Mar 1 > 16:43:32 MST 2025 > > dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP > > Architecture: OpenBSD.arm64 > Machine : arm64 > >Description: > After install a fresh snapshot I can't run cvs -q update -P -d > anymore. > >How-To-Repeat: > Install a snapshot with BUILDINFO: > Build date: 1740874110 - Sun Mar 2 00:08:30 UTC 2025 > Try to run cvs -q update -P -d against anon...@ftp.hostserver.de:/cve > >Fix: > No idea
ssh.c r1.607 fixes this bad free: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.c.diff?r1=1.606&r2=1.607
