Subject: Re: time to release a new version?

From: Salvador Fandiño <sfandino_at_gmail.com>
Date: Sat, 26 Sep 2015 10:10:28 +0200

On 09/25/2015 06:43 PM, Will Cosgrove wrote:
> Both patches look innocuous enough. My only question is why is the public key being trimmed in the first place and will this affect the key exchange?

The public key format is a line containing several fields; the last one
is a comment for the user that programs just ignore.

> It seems a less invasive fix would be to check pubkey_len > 0 before
> decrementing the length instead of removing the decrementing altogether.

IMO the code at that point is simple enough to be reviewed and the
proper fix applied instead of being conservative and keeping crud just
in case.

What the code is doing at that point is getting the size of the first
line from the file keeping the public key, then it rewinds the file,
allocates memory and reads the full line.

That code decrementing the line size after an EOF never made sense at all.

It was introduced to fix bug #1592645
(http://www.libssh2.org/mail/libssh2-devel-archive-2007-08/0025.shtml)
in commit bebd14a011edc6a56a3cc020683ea7c305699470 where "feof" never
triggered because it was placed after the "rewind" call. Then that code
was reordered in commit 1e889ca94734d5c448741be4cc5a3aef2ccab007.

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2015-09-26
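
The two-pass read described in the message above (measure the first line, rewind, allocate, read the line), as an added example that is not part of the original post and is not libssh2's code. `read_first_line` and `key_fields_len` are hypothetical names, and the space-separated field layout with a trailing comment is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copy the first line of fp into a malloc'd string.
 * Returns 0 on success, -1 on an empty line or I/O error. */
int read_first_line(FILE *fp, char **line, size_t *len)
{
    size_t n = 0;
    int c;
    /* Pass 1: count bytes up to CR, LF or EOF. n grows only when a real
     * byte was read, so hitting EOF needs no "n--" correction. */
    while ((c = fgetc(fp)) != EOF && c != '\r' && c != '\n')
        n++;
    if (ferror(fp) || n == 0)
        return -1;   /* empty input is rejected; size_t 0 - 1 would wrap */
    /* Pass 2: rewind, allocate, read exactly n bytes. */
    rewind(fp);
    char *buf = malloc(n + 1);
    if (buf == NULL)
        return -1;
    if (fread(buf, 1, n, fp) != n) {
        free(buf);
        return -1;
    }
    buf[n] = '\0';
    *line = buf;
    *len = n;
    return 0;
}

/* Length of "<type> <base64>" with the trailing comment dropped
 * (assumed layout: space-separated fields, comment last). */
size_t key_fields_len(const char *line, size_t len)
{
    const char *sp1 = memchr(line, ' ', len);
    if (sp1 == NULL)
        return len;
    size_t off = (size_t)(sp1 - line) + 1;
    const char *sp2 = memchr(line + off, ' ', len - off);
    return sp2 ? (size_t)(sp2 - line) : len;
}
```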