broken sftp_quote logic #2143
In the beginning of the function lib/ssh-libssh.c:sftp_quote() there's this line:
This is fine, because we know
... if cmd would be NULL there, it would already have done wrong and crashed. It can't be NULL there!
But the if condition always ends with a
(CID 1424902 by coverity, interpreted a bit by me)
That function code is very similar with the
But if it could, it still would be pointless to check that after it has already been dereferenced / increased!
And thanks for pointing out that this flaw exists in lib/ssh.c too. I'll take care of that in a PR!