cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [bagder/curl] 7b7c45: libssh2: use calloc as alloc function for libssh2 ...

From: Yang Tse <yangsita_at_gmail.com>
Date: Thu, 8 Sep 2011 11:59:58 +0200

Daniel,

Relative to this commit...

> �Commit: 7b7c45879e5ec6fb2f531860f483197955b2aaea
> � � �https://github.com/bagder/curl/commit/7b7c45879e5ec6fb2f531860f483197955b2aaea
> �Author: Yang Tse <yangsita_at_gmail.com>
> �Date: � 2011-09-08 (Thu, 08 Sep 2011)
>
> �Changed paths:
> � �M lib/ssh.c
>
> �Log Message:
> �-----------
> �libssh2: use calloc as alloc function for libssh2 versions older than 1.3
>
> This workarounds old libssh2 versions not properly initializing
> some ssh session variables, which would trigger memory debuggers
> warnings on memory being used without having been initialized.

I believe that no libssh2 version uses uninitialized dynamically
allocated memory to gather entropy nor any kind of randomness. Could
you confirm this?

If the above does not hold true, would it be a security risk ?

-- 
-=[Yang]=-
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2011-09-08

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: [bagder/curl] 7b7c45: libssh2: use calloc as alloc function for libssh2 ..."
Previous message: Vincent Torri: "compilation error of libcurl 7.21.7 with mingw-w64 (i686, gcc 4.7)"
Next in thread: Daniel Stenberg: "Re: [bagder/curl] 7b7c45: libssh2: use calloc as alloc function for libssh2 ..."
Reply: Daniel Stenberg: "Re: [bagder/curl] 7b7c45: libssh2: use calloc as alloc function for libssh2 ..."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]