Hello everyone,
I just posted a bunch of patches to the Git repository that are the
result of running the code analysis feature of VS2012 against libssh2
using the new CMake generated project files.
Most of them are quite basic, but at least the following two patches
raise additional questions that I would like to bring to your attention:
- kex.c: fix possible NULL pointer de-reference with session->kex [1]
- packet.c: fix possible NULL pointer de-reference within listen_state [2]
I think that just catching the possible NULL pointer in those code paths
is actually not enough to make libssh2 behave correctly.
In my opinion some kind of error code needs to be raised if such an
error condition is reached.
What do you think? Patches and ideas are welcome.
Best regards,
Marc
[1]
http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=1c1699545b0a1114e8ca3e6cd097cc9df1e67201;js=1
[2]
http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=e57f29f8f65c83063fd8f63c88f88830fc269bd6;js=1
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2014-12-15