broken sftp_quote logic #2143
In the beginning of the function lib/ssh-libssh.c:sftp_quote() there's this line:
This is fine, because we know
... if cmd were NULL there, it would already have gone wrong and crashed. It can't be NULL there!
But the if condition always ends with a
(CID 1424902 by Coverity, interpreted a bit by me)
That function code is very similar with the
I think the Coverity errors 1424908, 1424902 and 1424901 are also shared between the two back-ends, though the last looks like a false negative. That is pretty much an argument for @kdudka's suggestion to make the SCP/SFTP part separate from the back-end.
But if it could, it still would be pointless to check that after it has already been dereferenced / increased!
And thanks for pointing out that this flaw exists in lib/ssh.c too. I'll take care of that in a PR!
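The pattern discussed in this thread, as an added example that is not curl's code and not part of the original issue: a pointer is dereferenced and increased, then tested for NULL, which makes the test dead. The function names, the `*` prefix, the `pwd` command and the return codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

enum { QUOTE_BAD_INPUT = -1, QUOTE_UNKNOWN = 0, QUOTE_PWD = 1 };

/* Late check (hypothetical): cmd is dereferenced and advanced first, so the
   NULL test below can never fail; a NULL cmd would already have crashed. */
static int quote_late_check(const char *cmd, int *acceptfail)
{
  *acceptfail = 0;
  if(cmd[0] == '*') {        /* dereference: a NULL cmd faults here */
    cmd++;                   /* increase: the result is never NULL */
    *acceptfail = 1;
  }
  if(cmd) {                  /* dead check, always true at this point */
    if(strncmp(cmd, "pwd", 3) == 0)
      return QUOTE_PWD;
  }
  return QUOTE_UNKNOWN;
}

/* Same logic with the precondition tested before the first use, which is
   the only place where a NULL test has any effect. */
static int quote_checked_first(const char *cmd, int *acceptfail)
{
  *acceptfail = 0;
  if(!cmd)
    return QUOTE_BAD_INPUT;
  if(cmd[0] == '*') {
    cmd++;
    *acceptfail = 1;
  }
  if(strncmp(cmd, "pwd", 3) == 0)
    return QUOTE_PWD;
  return QUOTE_UNKNOWN;
}

int main(void)
{
  int af = 0;
  /* Constructed inputs; the late-check variant is only safe on non-NULL. */
  if(quote_late_check("*pwd", &af) != QUOTE_PWD || af != 1)
    return 1;
  if(quote_checked_first(NULL, &af) != QUOTE_BAD_INPUT)
    return 1;
  return 0;
}
```

If the caller guarantees a non-NULL pointer, deleting the late test is the equivalent cleanup; both variants behave identically for every non-NULL input.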