Tor Arntsen wrote: > Could someone have a look at the following, please? .. > it looks like the memcpy will overflow session->server_hostkey_md5.
Yes. Good find. I guess this hasn't caused much trouble because most servers prefer sha1. > Is this a copy-paste error (as SHA_DIGEST_LENGTH is 20 Quite likely. > Alternatively, this one instead: > > From e2ec4c952fa37ffe832eb664f48d334c3d800085 Mon Sep 17 00:00:00 2001 > From: Tor Arntsen <[email protected]> > Date: Wed, 23 Jun 2010 11:15:34 +0200 > Subject: [PATCH] Don't overflow MD5 server hostkey > > Use SHA_DIGEST_LENGTH and MD5_DIGEST_LENGTH > in memcpy instead of hardcoded values. An incorrect > value was used for md5. Applied and pushed - with slight whitespace changes in the commit message. Thanks! //Peter _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
