cURL / Mailing Lists / curl-library / Single Mail

curl-library

Bugs in ssh.c

From: Daniel Johnson <daniel_at_daniel-johnson.org>
Date: Tue, 17 Jul 2007 08:21:39 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I found a couple of bugs in ssh.c. In two instances after calls to
libssh2_session_last_error, Curl_safefree is being called on err_msg
pointers returned by those calls. However, since 0 is being passed to
libssh2_session_last_error as the want_buf parameter, libssh2 owns
that pointer, not libcurl. This causes curl to crash during tests 613
and 614 during my autobuilds. The solution is to remove the
Curl_safefree calls. I've included the patch below. Tests 613 and 614
still fail for me (in fact most of the 6xx tests fail) but that seems
to be a separate issue. This patch does stop the crashing, however.

Daniel Johnson

Index: lib/ssh.c
===================================================================
RCS file: /cvsroot/curl/curl/lib/ssh.c,v
retrieving revision 1.62
diff -u -r1.62 ssh.c
- --- lib/ssh.c 14 Jul 2007 15:59:01 -0000 1.62
+++ lib/ssh.c 17 Jul 2007 12:11:08 -0000
@@ -1643,7 +1643,6 @@
                                                 &err_msg, NULL, 0);
            err = libssh2_session_error_to_CURLE(ssh_err);
            failf(conn->data, "%s", err_msg);
- - Curl_safefree(err_msg);
            state(conn, SSH_SCP_CHANNEL_FREE);
            sshc->actualCode = err;
            break;
@@ -1686,7 +1685,6 @@
                                                   &err_msg, NULL, 0);
              err = libssh2_session_error_to_CURLE(ssh_err);
              failf(conn->data, "%s", err_msg);
- - Curl_safefree(err_msg);
              state(conn, SSH_SCP_CHANNEL_FREE);
              sshc->actualCode = err;
              break;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)
Comment: http://homepage.mac.com/danielj7/publickey.txt

iD8DBQFGnLRT4sDFGYouOqARAk3dAJ4iDMYRTDBesLypY//Qxw5AWwu/3gCeL+6A
Yv8KNfPQx3lIYt6if2X1JbY=
=SegM
-----END PGP SIGNATURE-----
Received on 2007-07-17