Subject: Re: libssh2_knownhosts_writefile_fp()

Re: libssh2_knownhosts_writefile_fp()

From: Ben Kibbey <bjk_at_luxsci.net>
Date: Sun, 21 Nov 2010 08:34:51 -0500

On Sun, Nov 21, 2010 at 12:53:43PM +0000, Alexander Lamaison wrote:
> On 21 November 2010 12:44, Ben Kibbey <bjk_at_luxsci.net> wrote:
> >
> > I get a warning during linking about tempnam(3) being insecure. Heres a
> > a patch to write the knownhosts to an already open file stream (which I
> > create with tmpfile(3).
>
> Passing a FILE* across an API call is a really bad idea. Unless
> you're linking statically, this can corrupt the C-runtime memory as
> you're passing an object owned by one runtime instance to another.
> Although there are a couple of calls in libssh2 that still do this,
> we're trying to get rid of them.

Is it only the FILE* structure? What about the file descriptor of the
opened stream obtained from fileno(3)? Is that safe?

-- 
Ben Kibbey
[XMPP: bjk AT thiessen DOT im] - [IRC: (bjk) FreeNode/OFTC]
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-11-21