Bugs item #2910103, was opened at 2009-12-07 17:29
Message generated for change (Comment added) made by bagder
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=2910103&group_id=125852

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Pending
>Resolution: Accepted
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
>Assigned to: Daniel Stenberg (bagder)
Summary: Dangling pointer in file_read_publickey

Initial Comment:
Memory for the public key in userauth.c:file_read_publickey() is allocated to 
(pubkey), then on line 548 the pointer is saved to (*method), then in case of 
failure in libssh2_base64_decode() the original pointer in (pubkey) is freed on 
line 562, leaving a dangling pointer in (*method).  When the session is closed in 
session.c:session_free() on line 854 it will try to free the memory again, which may 
lead to a crash.  Moving '*method = pubkey' after libssh2_base64_decode in 
file_read_publickey could fix this problem.

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2009-12-10 23:40

Message:
I can only agree. If you tell me your name I'll give you the proper credit
for having found this!

----------------------------------------------------------------------
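
The ordering problem described in the initial comment, as an added C example that is not libssh2 code and not part of the tracker thread. All function names are hypothetical, and a toy slot allocator stands in for the heap so that the second release is counted instead of corrupting memory.

```c
#include <stdio.h>

/* Toy allocator over static slots (assumption for this example): a second
 * release of the same slot is counted rather than handed to the real heap. */
static unsigned char slot_mem[4][64];
static int slot_live[4], double_frees;

static void *toy_alloc(void) {
    for (int i = 0; i < 4; i++)
        if (!slot_live[i]) { slot_live[i] = 1; return slot_mem[i]; }
    return NULL;
}
static void toy_free(void *p) {
    if (!p) return;
    int i = (int)((unsigned char (*)[64])p - slot_mem);
    if (!slot_live[i]) { double_frees++; return; }   /* already released */
    slot_live[i] = 0;
}
/* Stand-in for the base64 decode step; fails on request. */
static int toy_decode(const unsigned char *buf, int fail) { (void)buf; return fail ? -1 : 0; }

/* Ordering described in the report: out-parameter set before the decode. */
static int read_key_early(unsigned char **method, int fail) {
    unsigned char *pubkey = toy_alloc();
    if (!pubkey) return -1;
    *method = pubkey;                    /* caller now holds the buffer too */
    if (toy_decode(pubkey, fail)) { toy_free(pubkey); return -1; } /* *method dangles */
    return 0;
}
/* Ordering proposed in the report: out-parameter set only after success. */
static int read_key_late(unsigned char **method, int fail) {
    unsigned char *pubkey = toy_alloc();
    if (!pubkey) return -1;
    if (toy_decode(pubkey, fail)) { toy_free(pubkey); return -1; }
    *method = pubkey;
    return 0;
}
/* Models session teardown: releases whatever the out-parameter holds and
 * returns the number of double releases that happened. */
static int teardown_after(int (*reader)(unsigned char **, int), int fail) {
    unsigned char *method = NULL;
    double_frees = 0;
    reader(&method, fail);
    toy_free(method);
    return double_frees;
}
int main(void) {
    printf("early store, decode fails: %d double release(s)\n", teardown_after(read_key_early, 1));
    printf("late store, decode fails:  %d double release(s)\n", teardown_after(read_key_late, 1));
    return 0;
}
```
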

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
