In the beginning of the function lib/ssh-libssh.c:sftp_quote() there's this line:
This is fine, because we know
... if cmd would be NULL there, it would already have done wrong and crashed. It can't be NULL there!
But the if condition always ends with a
(CID 1424902 by Coverity, interpreted a bit by me)
That function code is very similar to the
But if it could, it still would be pointless to check that after it has already been dereferenced / increased!
And thanks for pointing out that this flaw exists in lib/ssh.c too. I'll take care of that in a PR!