x/crypto/ssh: newChannel leak after Reject()

[ziyan]

An authenticated SSH client that repeatedly opened channels which
were rejected by the server caused unbounded memory growth, eventually
crashing the server process and affecting all connected users. Rejected
channels are now properly removed from the connection's internal state
and released for garbage collection.

Thanks to Ziyan Zhou for reporting this issue.

This is CVE-2026-39827 and Go issue https://go.dev/issue/35127.

---

This was a PUBLIC track issue, tracked in http://b/502992369.

[ziyan]

I can see that newChannel() method of mux does:

m.chanList.add(ch)

But chanList.remove() is called only in two places, both of which is inside handlePacket() of channel. This probably means if client side does not send msgChannelClose or channelOpenFailureMsg, the channel object will be left in m.chanList forever.

[dmitshur]

/cc @hanwen per owners.

[ziyan]

I've created a minimal repro here: https://github.com/ziyan/sshrejectleak

[hanwen]

sounds believable. Can you whip up a change?

[gopherbot]

Change https://go.dev/cl/781320 mentions this issue: ssh: prevent memory leak when rejecting channels