Subject: Re: [libssh2] #169: segmentation fault in pubkey authentication

Re: [libssh2] #169: segmentation fault in pubkey authentication

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 29 Mar 2010 19:43:33 +0200 (CEST)

On Mon, 29 Mar 2010, libssh2 Trac wrote:

> Comment(by alamaison):
>
> I've got to say I would find it very strange to revert a fix that makes
> using our library ''safer''. Ideally, it should never be possible to crash
> no matter what inputs a component receives.
>
> -1 for reverting.

I don't quite understand that resistance either. As I said before: this
function is not documented clearly to *not* accept a NULL for a blank
passphrase even though it isn't documented to accept it either. Given that
small uncertainty in API funcionality I think it is quite easy to check
against this specific case.

It is not the same as to say that we always should check all arguments for
junk or whatever.

-- 
  / daniel.haxx.se
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-03-29