On Wed, 15 Jun 2016, 暖和的和暖 _ wrote:

> It just returns 0.
> The libssh2 is from CentOS 7, shouldn't be too old.
> And I tried with latest source compiled libssh2, the result is same.

Ah right. But isn't the root of this problem that sftp_libssh2_realpath() on
ssh.c:1145 returns a zero? Then libcurl doesn't clone the homedir and it
remains a NULL pointre that then subsequently is dereferenced.

What about this fix to avoid that:

diff --git a/lib/ssh.c b/lib/ssh.c
index d5a1a2a..98ec68d 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -1145,11 +1145,11 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
        rc = sftp_libssh2_realpath(sshc->sftp_session, ".",
                                   tempHome, PATH_MAX-1);
        if(rc == LIBSSH2_ERROR_EAGAIN) {
          break;
        }
- else if(rc > 0) {
+ else if(rc >= 0) {
          /* It seems that this string is not always NULL terminated */
          tempHome[rc] = '\0';
          sshc->homedir = strdup(tempHome);
          if(!sshc->homedir) {
            state(conn, SSH_SFTP_CLOSE);

-- 
  / daniel.haxx.se

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-06-15