Subject: Re: time to release another libssh2 version!

Re: time to release another libssh2 version!

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 16 Oct 2016 17:17:47 +0200 (CEST)

On Fri, 14 Oct 2016, Yuriy M. Kaminskiy wrote:

> E.g. that libssh2 uses oversized exponent (private key) in DH handshake,
> which renders it several times slower than it should?
>
> E.g. that libssh2 fails to verify if received field length fits in buffer
> size *everywhere*, and so malicious server (or maybe even MitM attacker) can
> trivially crash client, or steal host (client) memory?

Please submit your patches/pull requests and we will take them into
consideration!

-- 
  / daniel.haxx.se
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Received on 2016-10-16

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: time to release another libssh2 version!"
Previous message: Yuriy M. Kaminskiy: "Re: time to release another libssh2 version!"
In reply to: Yuriy M. Kaminskiy: "Re: time to release another libssh2 version!"
Next in thread: Daniel Stenberg: "Re: time to release another libssh2 version!"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]