Hello Team,

We are upgrading from libssh2 1.10 to 1.11.1. We found that calling kex.c: 
libssh2_session_method_pref() with bad method names did not throw an error.

It looks like key extension indicators were added with the new update, but the 
error handling for LIBSSH2_ERROR_METHOD_NOT_SUPPORTED continues to check for 
an empty string.
https://github.com/libssh2/libssh2/commit/00e2a07e824db8798d94809156e9fb4e70a42f89

What do folks think about this update in error handling?

In https://github.com/libssh2/libssh2/blob/master/src/kex.c: 4310
-    if(!*newprefs) {
+    // ignore trailing comma in kex_extensions when comparing
+    if((strlen(newprefs) == (kex_extensions_len-1)) &&
+            (strncmp(newprefs, kex_extensions, (kex_extensions_len-1)) == 0)) {
         LIBSSH2_FREE(session, newprefs);
         return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
                               "The requested method(s) are not currently "
                               "supported");
     }
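
Review bot: the new condition replaces `if(!*newprefs)` rather than extending it, so a filtered list that really is an empty string would no longer return LIBSSH2_ERROR_METHOD_NOT_SUPPORTED. If the kex_extensions prefix is only present for key-exchange preferences, the other method types still need the empty check; consider keeping it as `if(!*newprefs || (...))`. The `kex_extensions_len-1` arithmetic is also only correct if kex_extensions_len is the prefix length including its trailing comma and not a size that counts the terminating NUL, which these lines do not show, so a short comment stating which it is would make the comparison checkable. If the file uses C89-style comments, the `//` comment should be written as `/* ... */`.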

Thanks,
Amy
-- 
libssh2-devel mailing list
libssh2-devel@lists.haxx.se
https://lists.haxx.se/mailman/listinfo/libssh2-devel
