On 21 November 2010 13:34, Ben Kibbey <[email protected]> wrote:
> On Sun, Nov 21, 2010 at 12:53:43PM +0000, Alexander Lamaison wrote:
>> On 21 November 2010 12:44, Ben Kibbey <[email protected]> wrote:
>> >
>> > I get a warning during linking about tempnam(3) being insecure. Here's
>> > a patch to write the knownhosts to an already open file stream (which I
>> > create with tmpfile(3)).
>>
>> Passing a FILE* across an API call is a really bad idea. Unless
>> you're linking statically, this can corrupt the C-runtime memory as
>> you're passing an object owned by one runtime instance to another.
>> Although there are a couple of calls in libssh2 that still do this,
>> we're trying to get rid of them.
>
> Is it only the FILE* structure? What about the file descriptor of the
> opened stream obtained from fileno(3)? Is that safe?
Also not safe. Any 'object' that belongs to one instance of the C-runtime must not be manipulated by another instance. The file descriptor data is owned by the C-runtime regardless of whether you access it via a fileno or a FILE*. It's a bit like calling malloc() in one instance and calling free() in the other which will also corrupt the runtime memory and most likely crash.

While the memory allocated by malloc() is not owned by the C-runtime (you can access the memory anywhere you wish), the table of memory allocations *is*. When you call another instance's free() on the pointer, it is the table of allocations that is changed, not the allocated memory. As each runtime instance has its own table, boo boo ensues.

Unfortunately, as far as I'm aware, every file operation manipulates internal tables so you can never safely use any form of opened file descriptor across API calls.

Alex

_______________________________________________
libssh2-devel
http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
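An added example, written for this thread and not libssh2's own code, of the API shape that avoids the problem Alex describes: the library only formats known-hosts lines and hands the bytes to a caller-supplied callback, so the stream the caller opened with tmpfile(3) (or its fileno) never crosses the library boundary. The kh_* names and the entry layout are assumptions.

```c
/* Added example, not libssh2 code: a library routine that writes known-hosts
 * lines without letting a FILE* or fd cross the library boundary. The library
 * only formats; the caller supplies a write callback and keeps ownership of
 * the stream it opened (e.g. via tmpfile(3)). kh_* names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct kh_host {            /* one known-hosts entry (hypothetical layout) */
    const char *name;
    const char *keytype;
    const char *key_b64;
};

/* Caller-supplied sink: writes all len bytes, returns 0 on success. */
typedef int (*kh_write_fn)(const char *buf, size_t len, void *ctx);

/* Contrast: a kh_write_FILE(hosts, n, FILE *fp) that calls fprintf(fp, ...)
 * inside the library is exactly the shape the thread warns against. */
/* The library formats each line into its own buffer and hands the bytes
 * back; all I/O happens in the caller's runtime through the callback. */
int kh_write_cb(const struct kh_host *h, size_t n, kh_write_fn sink, void *ctx)
{
    char line[1024];
    for (size_t i = 0; i < n; i++) {
        int len = snprintf(line, sizeof line, "%s %s %s\n",
                           h[i].name, h[i].keytype, h[i].key_b64);
        if (len < 0 || (size_t)len >= sizeof line)
            return -1;                      /* truncated line: refuse */
        if (sink(line, (size_t)len, ctx) != 0)
            return -1;                      /* caller's sink failed */
    }
    return 0;
}

/* Caller-side sink: appends into a buffer the caller owns. A caller that
 * opened a stream with tmpfile(3) would instead fwrite() to it here. */
struct kh_buf { char data[2048]; size_t len; };

int kh_buf_write(const char *buf, size_t len, void *ctx)
{
    struct kh_buf *b = ctx;
    if (b->len + len >= sizeof b->data)
        return -1;                          /* would overflow: refuse */
    memcpy(b->data + b->len, buf, len);
    b->len += len;
    b->data[b->len] = '\0';
    return 0;
}
```

The FILE* or descriptor, and every fwrite()/write() on it, stay in the code that created them; the library never sees a C-runtime object it does not own.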
