Subject: Re: [libssh2] #169: segmentation fault in pubkey authentication

Re: [libssh2] #169: segmentation fault in pubkey authentication

From: Daniel Stenberg <>
Date: Mon, 29 Mar 2010 19:43:33 +0200 (CEST)

On Mon, 29 Mar 2010, libssh2 Trac wrote:

> Comment(by alamaison):
> I've got to say I would find it very strange to revert a fix that makes
> using our library ''safer''. Ideally, it should never be possible to crash
> no matter what inputs a component receives.
> -1 for reverting.

I don't quite understand that resistance either. As I said before: this
function is not documented clearly to *not* accept a NULL for a blank
passphrase even though it isn't documented to accept it either. Given that
small uncertainty in API funcionality I think it is quite easy to check
against this specific case.

It is not the same as to say that we always should check all arguments for
junk or whatever.

Received on 2010-03-29