Daniel, Relative to this commit...
> Commit: 7b7c45879e5ec6fb2f531860f483197955b2aaea > > https://github.com/bagder/curl/commit/7b7c45879e5ec6fb2f531860f483197955b2aaea > Author: Yang Tse <[email protected]> > Date: 2011-09-08 (Thu, 08 Sep 2011) > > Changed paths: > M lib/ssh.c > > Log Message: > ----------- > libssh2: use calloc as alloc function for libssh2 versions older than 1.3 > > This workarounds old libssh2 versions not properly initializing > some ssh session variables, which would trigger memory debuggers > warnings on memory being used without having been initialized. I believe that no libssh2 version uses uninitialized dynamically allocated memory to gather entropy nor any kind of randomness. Could you confirm this? If the above does not hold true, would it be a security risk ? -- -=[Yang]=- ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
