www.libssh2.org | Daily snapshots | Mailing list archive | Docs | Examples | github

Archive Index This month's Index

Subject: [libssh2] #290: segfault in diffie_hellman_sha1

[libssh2] #290: segfault in diffie_hellman_sha1

From: libssh2 Trac <trac_at_libssh2.stuge.se>
Date: Wed, 03 Dec 2014 19:18:10 -0000

#290: segfault in diffie_hellman_sha1
 Reporter: mstrsn | Owner:
     Type: defect | Status: new
 Priority: normal | Milestone: 1.4.3
Component: crypto | Version: 1.4.2
 Keywords: | Blocked By:
   Blocks: |
 If an application happens to call the OpenSSL routine EVP_cleanup, then
 libssh2 will generate a segfault at the call to libssh2_sh1_update at line
 249 in kex.c. Of course, the application should not call EVP_cleanup
 prematurely, but to avoid crashes in your library, I suggest you guard
 against this possibility in a manner similar to your guard around the call
 to libssh2_md5_update at line 222 in kex.c.

Ticket URL: <https://trac.libssh2.org/ticket/290>
libssh2 <https://trac.libssh2.org/>
C library for writing portable SSH2 clients
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2014-12-03

the libssh2 team