On Fri, 14 Oct 2016, Yuriy M. Kaminskiy wrote:
E.g. that libssh2 uses oversized exponent (private key) in DH handshake,
which renders it several times slower than it should?
E.g. that libssh2 fails to verify if received field length fits in buffer
size *everywhere*, and so malicious server (or maybe even MitM attacker) can
trivially crash client, or steal host (client) memory?
Please submit your patches/pull requests and we will take them into
consideration!
--
/ daniel.haxx.se
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel