On Mon, 29 Mar 2010, suyog jadhav wrote:
> I have a key which has passphrase as NULL(no passphrase).
> Now I give it as parameter to libssh2_userauth_publickey_fromfile along with
> NOT-NULL(anything) passphrase. The pubkey auth succeeds in this case,as
> there is nowhere check for this scenario.
You could easily first try with a blank passphrase to see if this is indeed
the case.
> I understand that default ssh client doesn't ask for passphrase for such
> key,which was the requirement for such case,I think.
The "default ssh client" ? Are you referring to the openssh tool?
> I have also raised a ticket http://libssh2.stuge.se/ticket/169 for a fix
> similar to this problem.
Sorry, but ticket 169 is not a fix. It simply says you crash libssh2 by
passing in a NULL pointer instead of a pointer to a passphrase. I agree that
the man page doesn't say explicitly what is allowed there but it also doesn't
say that NULL is a legitimate input.
I still think we should check for a NULL pointer to make it more robust.
-- / daniel.haxx.se _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-develReceived on 2010-03-29