Daily snapshots |
Mailing list archive |
This month's Index
On 21 November 2010 12:44, Ben Kibbey <bjk_at_luxsci.net> wrote:
> I get a warning during linking about tempnam(3) being insecure. Heres a
> a patch to write the knownhosts to an already open file stream (which I
> create with tmpfile(3).
Passing a FILE* across an API call is a really bad idea. Unless
you're linking statically, this can corrupt the C-runtime memory as
you're passing an object owned by one runtime instance to another.
Although there are a couple of calls in libssh2 that still do this,
we're trying to get rid of them.
Received on 2010-11-21
the libssh2 team