Subject: Re: Question about kex.c:1868

From: Steven Dake <sdake_at_redhat.com>
Date: Tue, 13 Mar 2012 15:52:14 -0700

On 03/13/2012 02:29 PM, Daniel Stenberg wrote:
> On Sun, 11 Mar 2012, Steven Dake wrote:
>
>> Not entirely sure how this code snippet is supposed to work, but is it
>> possible that the following could happen:
>>
>> method_type = LIBSSH2_METHOD_LANG_CS or LANG_SC
>>
>> (this sets mlist to NULL)
>>
>> mlist passed in as NULL to 3rd parameter of kex_get_method_by_name
>> resulting in segfault from null dereference?
>
> I tracked down the origin of that code. It was added Dec 9 2004 by Sara
> and was never really changed since (just re-indented and white-space
> modified).
>
> I suggest we add a check for it so that we're _sure_ it can't happen. Or
> what do you think?
>

An assert would make sense (since we want to assert that something
doesn't happen rather than having it happen and resulting in a segfault),
although asserts inside libraries are a bit evil. Another option is to
return an error code, but not sure how that would be passable by the API
callers.

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2012-03-13
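The two options weighed in the reply (an assert versus a returned error code) side by side, as an added example that is not libssh2's code: the `ex_` types, tables and error values are hypothetical stand-ins constructed for this illustration, and the LANG_CS / LANG_SC categories deliberately map to a NULL table to reproduce the situation the question describes. The unchecked lookup shows where the NULL dereference would occur; the checked one validates its parameters and reports the condition through a return code a library caller can act on.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Error codes for this example only (hypothetical; not libssh2's values). */
#define EX_OK            0
#define EX_METHOD_NONE  (-1)   /* name not present in the list */
#define EX_BAD_PARAM    (-2)   /* NULL list or name: the case raised in the thread */

/* Hypothetical stand-in for a method table entry; a NULL name ends a list. */
typedef struct {
    const char *name;
} ex_method_t;

/* Constructed sample table (not libssh2's real method tables). */
static const ex_method_t ex_mac_methods[] = {
    { "hmac-sha1" },
    { "hmac-md5" },
    { NULL }
};

/* Method categories; the two LANG categories deliberately have no table,
   mirroring the situation described in the question. */
enum ex_method_type { EX_METHOD_MAC, EX_METHOD_LANG_CS, EX_METHOD_LANG_SC };

static const ex_method_t *ex_list_for(enum ex_method_type t)
{
    switch (t) {
    case EX_METHOD_MAC:
        return ex_mac_methods;
    case EX_METHOD_LANG_CS:
    case EX_METHOD_LANG_SC:
    default:
        return NULL;
    }
}

/* Unchecked lookup: walks the list without testing it, so a NULL list is a
   NULL dereference on the first loop test. Kept only for contrast; never
   call it with a list that may be NULL. */
static const ex_method_t *ex_get_method_unchecked(const char *name, size_t name_len,
                                                  const ex_method_t *list)
{
    for (; list->name != NULL; list++) {
        if (strlen(list->name) == name_len && memcmp(list->name, name, name_len) == 0)
            return list;
    }
    return NULL;
}

/* Checked lookup: validates its inputs and reports failure through a return
   code instead of an assert, so a library caller can handle the condition. */
static int ex_get_method(const char *name, size_t name_len,
                         const ex_method_t *list, const ex_method_t **out)
{
    if (out != NULL)
        *out = NULL;
    if (list == NULL || name == NULL || out == NULL)
        return EX_BAD_PARAM;
    for (; list->name != NULL; list++) {
        if (strlen(list->name) == name_len && memcmp(list->name, name, name_len) == 0) {
            *out = list;
            return EX_OK;
        }
    }
    return EX_METHOD_NONE;
}

/* Resolve a name within a category; returns the status code. */
int ex_lookup_status(enum ex_method_type t, const char *name)
{
    const ex_method_t *m;
    return ex_get_method(name, name ? strlen(name) : 0, ex_list_for(t), &m);
}

/* Resolve a name within a category; returns the matched table name or NULL. */
const char *ex_lookup_name(enum ex_method_type t, const char *name)
{
    const ex_method_t *m;
    if (ex_get_method(name, name ? strlen(name) : 0, ex_list_for(t), &m) != EX_OK)
        return NULL;
    return m->name;
}

int main(void)
{
    const ex_method_t *m = ex_get_method_unchecked("hmac-md5", 8, ex_mac_methods);
    printf("unchecked, non-NULL list: %s\n", m ? m->name : "(none)");
    printf("checked MAC hmac-sha1 -> %d\n", ex_lookup_status(EX_METHOD_MAC, "hmac-sha1"));
    printf("checked LANG_CS en    -> %d\n", ex_lookup_status(EX_METHOD_LANG_CS, "en"));
    /* ex_get_method_unchecked("en", 2, ex_list_for(EX_METHOD_LANG_CS)) would crash here. */
    return 0;
}
```

The check costs one comparison per call and turns a crash into an ordinary error path; whether callers can act on the code depends on the calling function already having an error return to propagate it through, which is the open question in the reply.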