On 03/13/2012 02:29 PM, Daniel Stenberg wrote:
> On Sun, 11 Mar 2012, Steven Dake wrote:
>
>> Not entirely sure how this code snippet is supposed to work, but is it
>> possible that the following could happen:
>>
>> method_type = LIBSSH2_METHOD_LANG_CS or LANG_SC
>>
>> (this sets mlist to NULL)
>>
>> mlist passed in as NULL to 3rd parameter of kex_get_method_by_name
>> resulting in segfault from null dereference?
>
> I tracked down the origin of that code. It was added Dec 9 2004 by Sara
> and was never really changed since (just re-indented and white-space
> modified).
>
> I suggest we add a check for it so that we're _sure_ it can't happen. Or
> what do you think?
>
An assert would make sense (since we want to assert that something
doesn't happen rather than having it happen and resulting in segfault),
although asserts inside libraries are a bit evil. Another option is to
return an error code, but not sure how that would be passable by the api
callers.

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
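
The "return an error code" option from this thread, as an added example that is not part of the original messages and is not libssh2's code: the lookup treats a NULL method list as "no match", so the caller reports an error instead of crashing. All types, constants and function names here (`method_t`, `check_method_pref`, `get_method_by_name`, the `PREF_*` codes) are hypothetical stand-ins, and the sample method names are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not libssh2's own definitions. */
typedef struct { const char *name; } method_t;
enum { METHOD_KEX, METHOD_LANG_CS, METHOD_LANG_SC };
enum { PREF_OK = 0, PREF_ERR_NOT_SUPPORTED = -1, PREF_ERR_INVAL = -2 };

static const method_t kex_a = { "kex-a" }, kex_b = { "kex-b" }; /* constructed */
static const method_t *kex_methods[] = { &kex_a, &kex_b, NULL };

/* Walk a NULL-terminated list. A NULL list means "no match", not a crash. */
static const method_t *
get_method_by_name(const char *name, size_t name_len, const method_t **list)
{
    if(!list)
        return NULL;
    for(; *list; list++) {
        if(strlen((*list)->name) == name_len &&
           memcmp((*list)->name, name, name_len) == 0)
            return *list;
    }
    return NULL;
}

/* Check a comma-separated preference string against the list for method_type. */
int check_method_pref(int method_type, const char *prefs)
{
    const method_t **mlist;
    const char *s = prefs;

    if(!prefs)
        return PREF_ERR_INVAL;
    switch(method_type) {
    case METHOD_KEX:     mlist = kex_methods; break;
    case METHOD_LANG_CS:
    case METHOD_LANG_SC: mlist = NULL; break; /* no list for these types */
    default:             return PREF_ERR_INVAL;
    }
    while(*s) {
        const char *p = strchr(s, ',');
        size_t len = p ? (size_t)(p - s) : strlen(s);
        if(!get_method_by_name(s, len, mlist))
            return PREF_ERR_NOT_SUPPORTED; /* error code instead of segfault */
        s = p ? p + 1 : s + len;
    }
    return PREF_OK;
}

int main(void) { return check_method_pref(METHOD_LANG_CS, "en") == PREF_ERR_NOT_SUPPORTED ? 0 : 1; }
```

Whether a language preference should be rejected or accepted without validation is a design choice this sketch does not settle; it only shows the NULL list being handled without a dereference.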