Bugs item #2910103, was opened at 2009-12-07 16:29
Message generated for change (Tracker Item Submitted) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=2910103&group_id=125852

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: Dangling pointer in file_read_publickey

Initial Comment:
Memory for public key in userauth.c:file_read_publickey() is allocated to (pubkey), then on line 548 pointer is saved to (*method), then in case of failure in libssh2_base64_decode() original pointer in (pubkey) is freed on line 562, leaving dangling pointer in (*method). When session is closed in session.c:session_free() on line 854 it will try to free memory again which may lead to crash.

Moving '*method = pubkey' after libssh2_base64_decode in file_read_publickey could fix this problem.

----------------------------------------------------------------------

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
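
The ordering problem described in the report, reduced to a small model (an added example, not libssh2 code and not part of the original report). The names `slot`, `load`, `decode`, `read_key_early`, `read_key_late` and `session_run` are hypothetical, and the allocator only counts releases so that a second release of the same buffer shows up as a number instead of heap corruption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed one-slot allocator: counts releases instead of freeing. */
static char slot[128];
static int releases;
static void slot_free(char *p) { if (p) releases++; }
static char *load(const char *text)   /* "allocate" and fill the key */
{
    releases = 0;
    strncpy(slot, text, sizeof slot - 1);
    return slot;
}
/* Stand-in for the base64 decode step: rejects input containing '!'. */
static int decode(const char *in) { return strchr(in, '!') ? -1 : 0; }

/* Ordering described in the report: alias stored before the decode. */
static int read_key_early(const char *text, char **method)
{
    char *pubkey = load(text);
    *method = pubkey;            /* caller-visible alias exists now */
    if (decode(pubkey)) {
        slot_free(pubkey);       /* alias in *method now dangles */
        return -1;
    }
    return 0;
}

/* Ordering proposed in the report: alias stored after the decode. */
static int read_key_late(const char *text, char **method)
{
    char *pubkey = load(text);
    if (decode(pubkey)) {
        slot_free(pubkey);
        return -1;               /* *method untouched, still NULL */
    }
    *method = pubkey;
    return 0;
}

/* One session: load a key, then tear down by releasing the stored
 * pointer. Returns how many times the key buffer was released. */
static int session_run(int (*rd)(const char *, char **), const char *text)
{
    char *method = NULL;
    rd(text, &method);
    slot_free(method);           /* teardown releases what it holds */
    return releases;
}
```

A return value of 2 from `session_run` means the same buffer was released twice, which is the crash condition the report describes; the late-assignment ordering keeps it at 1 on both the success and the failure path.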
