Daniel Stenberg wrote:
> > Yeah. Note that the last call will write outside s (buffer
> > overflow) if the size of s is defined to an even number.
> >
> > Once that is addressed (if neccessary) I want this fix to be
> > applied.
> >
> > Acked-by: Peter Stuge
>
> Good catch! Both of them. Committe
Peter Stuge wrote:
> Suggested patch attached.
Oops. Maybe malloc() is not such a good idea. Updated patch attached.
//Peter
Index: src/channel.c
===
RCS file: /cvsroot/libssh2/libssh2/src/channel.c,v
retrieving revision 1.72
diff -
On Sun, 8 Mar 2009, Peter Stuge wrote:
> Looking at this code a bit more I found another issue thought, it will
> produce invalid packets if LIBSSH2_X11_RANDOM_COOKIE_LEN is odd.
But it is an even define and the comment next by the define even says it
should remain even, so is it really necessa
Daniel Stenberg wrote:
> > Looking at this code a bit more I found another issue thought, it will
> > produce invalid packets if LIBSSH2_X11_RANDOM_COOKIE_LEN is odd.
>
> But it is an even define and the comment next by the define even says it
> should remain even, so is it really necessary to d
On Sun, 8 Mar 2009, Peter Stuge wrote:
>> But it is an even define and the comment next by the define even says it
>> should remain even, so is it really necessary to do this extra precaution?
>
> Maybe not. But I would still like the loop to use cookie_len instead of the
> define, and then the
