sftp segfault with macOS curl 7.69.0

[xquery]

I did this

usr/local/bin/curl -u : sftp://test.rebex.net:22 -l --verbose

or

/usr/local/bin/curl -u : sftp://itcsubmit.wustl.edu -l

and got a segfault

I expected the following

not to segfault ;)

curl/libcurl version

curl 7.69.0-DEV (Darwin) libcurl/7.69.0-DEV OpenSSL/1.0.2s zlib/1.2.11 libssh2/1.9.0_DEV nghttp2/1.26.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM SSL UnixSockets

operating system

macOS Mojave

[bagder]

Program received signal SIGSEGV, Segmentation fault.
ssh_force_knownhost_key_type (conn=0x55555574fae8) at vssh/libssh2.c:697
697           if(store->name[0] == '[') {
(gdb) p store
$1 = (struct libssh2_knownhost *) 0x5555557aad80
(gdb) p store->name
$2 = 0x0

The struct in question is documented in libssh2.h:

struct libssh2_knownhost {
    unsigned int magic;  /* magic stored by the library */
    void *node; /* handle to the internal representation of this host */
    char *name; /* this is NULL if no plain text host name exists */
    char *key;  /* key in base64/printable format */
    int typemask;
};

and it specifically says it can be NULL so our code is just not correct!

[bagder]

(This is a regression from #4747 by @SantinoKeupp)

[cvengler]

Can reproduce on 0a04dc4

curl 7.69.1-DEV (x86_64-pc-linux-gnu) libcurl/7.69.1-DEV OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS HTTP2 HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB PSL SSL TLS-SRP UnixSockets

On 7.64.0

curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL 

I get the error that the SSL cert is bad. If I pass -K it also segfault but different

[xquery]

thx - the fix is straightforward eg. check for null in vssh/libssh2.c:697 (which as @bagder pointed out was added in #4747 and caused the regression)... building out the test is most of the work eg. I also want to include a few representative known_hosts files (with and without corrupted entries) - will have PR ready for review tomorrow.

[cvengler]

Thanks. Feel free to ping me for review!