Subject: RE: [libssh2] #169: segmentation fault in pubkey authentication

From: C Johnson <libssh2_at_xepol.com>
Date: Mon, 29 Mar 2010 14:07:59 -0600

 

On Mon, 29 Mar 2010, Daniel Stenberg wrote:

> I don't quite understand that resistance either. As I said
> before: this function is not documented clearly to *not*
> accept a NULL for a blank passphrase even though it isn't
> documented to accept it either. Given that small uncertainty
> in API functionality I think it is quite easy to check against
> this specific case.

It would seem best to always clarify any points of uncertainty whenever
possible.

> It is not the same as to say that we always should check all
> arguments for junk or whatever.

I would not rule this out. Obviously it can be taken to absurd extremes,
but a reasonable step to sanitize inputs can be very important. As a
library, you cannot be sure of the source of the inputs being sent to your
library - did the application sanitize them enough or does doing nothing
leave open a potential exploit? There has to be a balance somewhere between
sanitizing so insanely it drags everything to a grinding halt and just
leaving the barn door open and hoping no one notices or cares.

- C Johnson

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-03-29