#290: segfault in diffie_hellman_sha1
--------------------+--------------------
Reporter: mstrsn | Owner:
Type: defect | Status: new
Priority: normal | Milestone: 1.4.3
Component: crypto | Version: 1.4.2
Keywords: | Blocked By:
Blocks: |
--------------------+--------------------
If an application happens to call the OpenSSL routine EVP_cleanup, then
libssh2 will generate a segfault at the call to libssh2_sh1_update at line
249 in kex.c. Of course, the application should not call EVP_cleanup
prematurely, but to avoid crashes in your library, I suggest you guard
against this possibility in a manner similar to your guard around the call
to libssh2_md5_update at line 222 in kex.c.
--
Ticket URL: <https://trac.libssh2.org/ticket/290>
libssh2 <https://trac.libssh2.org/>
C library for writing portable SSH2 clients
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
