-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sftp segfault with macOS curl 7.69.0 #5041
Comments
The struct in question is documented in libssh2.h:
and it specifically says it can be NULL so our code is just not correct! |
(This is a regression from #4747 by @SantinoKeupp) |
Can reproduce on 0a04dc4
On 7.64.0
I get the error that the SSL cert is bad. If I pass |
thx - the fix is straightforward eg. check for null in vssh/libssh2.c:697 (which as @bagder pointed out was added in #4747 and caused the regression)... building out the test is most of the work eg. I also want to include a few representative known_hosts files (with and without corrupted entries) - will have PR ready for review tomorrow. |
Thanks. Feel free to ping me for review! |
This fix adds a defensive check for the case where the char *name in struct libssh2_knownhost is NULL Fixes curl#5041
I did this
usr/local/bin/curl -u : sftp://test.rebex.net:22 -l --verbose
or
/usr/local/bin/curl -u : sftp://itcsubmit.wustl.edu -l
and got a segfault
I expected the following
not to segfault ;)
curl/libcurl version
curl 7.69.0-DEV (Darwin) libcurl/7.69.0-DEV OpenSSL/1.0.2s zlib/1.2.11 libssh2/1.9.0_DEV nghttp2/1.26.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM SSL UnixSockets
operating system
macOS Mojave
The text was updated successfully, but these errors were encountered: