Subject: [libssh2] #290: segfault in diffie_hellman_sha1

[libssh2] #290: segfault in diffie_hellman_sha1

From: libssh2 Trac <trac_at_libssh2.stuge.se>
Date: Wed, 03 Dec 2014 19:18:10 -0000

#290: segfault in diffie_hellman_sha1
--------------------+--------------------
Reporter: mstrsn | Owner:
Type: defect | Status: new
Priority: normal | Milestone: 1.4.3
Component: crypto | Version: 1.4.2
Keywords: | Blocked By:
Blocks: |
--------------------+--------------------
If an application happens to call the OpenSSL routine EVP_cleanup, then
libssh2 will generate a segfault at the call to libssh2_sh1_update at line
249 in kex.c. Of course, the application should not call EVP_cleanup
prematurely, but to avoid crashes in your library, I suggest you guard
against this possibility in a manner similar to your guard around the call
to libssh2_md5_update at line 222 in kex.c.

-- 
Ticket URL: <https://trac.libssh2.org/ticket/290>
libssh2 <https://trac.libssh2.org/>
C library for writing portable SSH2 clients
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Received on 2014-12-03

This message: [ Message body ]
Next message: libssh2 Trac: "[libssh2] #291: libssh2_agent_connect always returns -39 when using in on iOS"
Previous message: libssh2 Trac: "[libssh2] #289: Configure check for EVP_aes_128_ctr does not work properly"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]