On Sun, 27 Mar 2016, Yuriy M. Kaminskiy wrote:
> Ping? I'd like to stress out this issue has security imlications. At very
> least, DoS (and this is not a standalone application, so it is not a minor
> issue), and maybe host memory exposure too. (However, it is only heap
> over-reads, without heap/stack over-writes, so no risk of escalating to
> remote code execution).
I can only agree that we need cleanups and fixes to make the code less
trusting of remote packets.
It'd be easier if you'd break up your patch in smaller chunks so that they are
easier to review and merge step by step and I would also appreciate if you'd
add comments or use defines when you use magic constants in the code to aid
reviewers and future readers of the code to realize that the numbers come
from.
-- / daniel.haxx.se _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-develReceived on 2016-03-27