Subject: Re: libssh2_knownhosts_writefile_fp()

Re: libssh2_knownhosts_writefile_fp()

From: Alexander Lamaison <swish_at_lammy.co.uk>
Date: Sun, 21 Nov 2010 12:53:43 +0000

On 21 November 2010 12:44, Ben Kibbey <bjk_at_luxsci.net> wrote:
>
> I get a warning during linking about tempnam(3) being insecure. Heres a
> a patch to write the knownhosts to an already open file stream (which I
> create with tmpfile(3).

Passing a FILE* across an API call is a really bad idea. Unless
you're linking statically, this can corrupt the C-runtime memory as
you're passing an object owned by one runtime instance to another.
Although there are a couple of calls in libssh2 that still do this,
we're trying to get rid of them.

Alex
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-11-21

This message: [ Message body ]
Next message: Ben Kibbey: "Re: libssh2_knownhosts_writefile_fp()"
Previous message: Ben Kibbey: "libssh2_knownhosts_writefile_fp()"
In reply to: Ben Kibbey: "libssh2_knownhosts_writefile_fp()"
Next in thread: Ben Kibbey: "Re: libssh2_knownhosts_writefile_fp()"
Reply: Ben Kibbey: "Re: libssh2_knownhosts_writefile_fp()"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]