ssh: prevent memory leak when rejecting channels

When a server rejects an incoming channel request via NewChannel.Reject, the channel is left in the multiplexer's channel list. Because the channel is never explicitly removed or closed, its internal buffers and sync primitives remain allocated for the lifetime of the SSH connection.

A malicious client could exploit this behavior by repeatedly requesting to open channels that are destined to be rejected, causing unbounded memory growth and potentially leading to a Denial of Service (DoS) via resource exhaustion.

This change fixes the leak by calling ch.mux.chanList.remove within the Reject method, removing the channel from the list and allowing the garbage collector to reclaim the associated memory immediately.

Fixes golang/go#35127
Fixes CVE-2026-3982

Change-Id: Iaa177f5dfd151812dd404e528a4a1c77527a0e29
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/781320
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Nicholas Husin <nsh@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
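
An added example, not code from x/crypto or from this commit: a simplified Go model of the leak the commit message above describes, comparing a reject that leaves the channel registered with one that removes it. The channel and chanList types, the fixed flag and retainedAfter are hypothetical stand-ins; only the idea of removing a rejected channel from the list comes from the commit message.

```go
package main

import (
	"fmt"
	"sync"
)

// channel is a simplified stand-in for per-channel state (buffer + lock).
type channel struct {
	id  uint32
	mu  sync.Mutex
	buf []byte
}

// chanList is a toy registry of live channels (single goroutine, no lock).
type chanList struct {
	chans map[uint32]*channel
	next  uint32
}

func (l *chanList) add() *channel {
	ch := &channel{id: l.next, buf: make([]byte, 4096)}
	l.chans[ch.id] = ch
	l.next++
	return ch
}

func (l *chanList) remove(id uint32) { delete(l.chans, id) }

// reject models refusing a channel-open request (the reply to the peer is
// elided). Only with fixed=true is the channel also unregistered.
func (l *chanList) reject(ch *channel, fixed bool) {
	if fixed {
		l.remove(ch.id)
	}
}

// retainedAfter rejects n channels on one connection and counts leftovers.
func retainedAfter(n int, fixed bool) int {
	l := &chanList{chans: make(map[uint32]*channel)}
	for i := 0; i < n; i++ {
		l.reject(l.add(), fixed)
	}
	return len(l.chans)
}

func main() {
	fmt.Println(retainedAfter(1000, false), retainedAfter(1000, true))
}
```

In the model, every rejected request without removal leaves one entry (and its buffer) reachable from the registry, so retained state grows linearly with the number of rejected requests until the connection ends.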
This repository holds supplementary Go cryptography packages.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://go.dev/doc/contribute.
The git repository is https://go.googlesource.com/crypto.
The main issue tracker for the crypto repository is located at https://go.dev/issues. Prefix your issue with “x/crypto:” in the subject line, so it is easy to find.
Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.