On Fri, 14 Oct 2016, Yuriy M. Kaminskiy wrote:

> E.g. that libssh2 uses an oversized exponent (private key) in the DH handshake, which renders it several times slower than it should be?
>
> E.g. that libssh2 fails to verify if a received field length fits in the buffer size *everywhere*, and so a malicious server (or maybe even a MitM attacker) can trivially crash the client, or steal host (client) memory?

Please submit your patches/pull requests and we will take them into consideration!


 / daniel.haxx.se
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
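
The second point quoted in the message above concerns a declared field length that is not checked against the bytes actually received. The following added example shows a reader that makes that check; it is not code from libssh2 or from either poster. The names `pkt_reader`, `rd_u32` and `rd_string` are hypothetical, and the field layout assumed is the SSH "string" of RFC 4251 (a uint32 length followed by that many bytes).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical cursor over one received packet; not a libssh2 type.
 * Invariant: off <= len. */
struct pkt_reader {
    const unsigned char *data;
    size_t len;   /* total bytes received */
    size_t off;   /* bytes consumed so far */
};

/* Read a big-endian uint32; fails if fewer than 4 bytes remain. */
static int rd_u32(struct pkt_reader *r, uint32_t *out)
{
    if (r->len - r->off < 4)
        return -1;
    const unsigned char *p = r->data + r->off;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    r->off += 4;
    return 0;
}

/* Read an SSH "string" (uint32 length + bytes) without copying.
 * The declared length is compared with the bytes left in the packet
 * before any pointer is handed out. The test is written as
 * "declared > remaining" rather than "off + declared > len" so the
 * arithmetic cannot wrap around. */
static int rd_string(struct pkt_reader *r, const unsigned char **s, size_t *n)
{
    struct pkt_reader tmp = *r;   /* commit the cursor only on success */
    uint32_t declared;

    if (rd_u32(&tmp, &declared) != 0)
        return -1;                /* truncated length field */
    if (declared > tmp.len - tmp.off)
        return -1;                /* length exceeds received data */
    *s = tmp.data + tmp.off;
    *n = declared;
    tmp.off += declared;
    *r = tmp;
    return 0;
}
```

On failure the cursor is left where it was, so the caller can reject the packet without having consumed part of a malformed field.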
