In increasing order of apparent importance:
1. This code in src/channel.c, circa line 1767:
rc = 1; /* set to >0 to let the while loop start */
...
while (rc > 0)
rc = _libssh2_transport_read(session);
would better be
do rc = _libssh2_transport_read(session);
while (rc > 0);
2. The page www.libssh2.org lists features of libssh2, but the list
is incomplete. In particular, libssh2 supports CTR modes now, and
host-key file management probably deserves mention. Recent U.S.
federal procurement guidelines require preferring CTR cipher modes
over CBC, so it could make an important difference in adoption.
3. In release 1.4.3, src/channel.c, _libssh2_channel_write(), line 2017:
return (rc==LIBSSH2_ERROR_EAGAIN?rc:0);
Here rc is the result from _libssh2_transport_read(session).
When the output buffer is full, but the input buffer wasn't, this
returns 0. It seems to me (and please correct me if I am mistaken)
that libssh2_channel_write_ex() should only return 0 if the buflen
argument is itself zero. I think that the correct line here would
be simply
return LIBSSH2_ERROR_EAGAIN;
This fixes an infinite loop in typical fwrite()-like code that
assumes that (the equivalent of) write() will prefer reporting
EAGAIN over returning zero.
I am sorry to discover this only immediately after a release, but I
suppose that's what releases are really for.
Nathan Myers
ncm_at_cantrip.org
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2012-12-05