Subject: Re: Bug in sign_fromfile (userauth.c)

Re: Bug in sign_fromfile (userauth.c)

From: Daniel Stenberg <>
Date: Sun, 20 Oct 2013 19:16:36 +0200 (CEST)

On Sun, 20 Oct 2013, Graham Bradshaw wrote:

> There might be a bug in userauth.c, in sign_fromfile. privkeyobj->dtor is
> called to clean up, but the first time it is called (if privkeyobj->signv
> returns non-zero), it passes abstract in. The other time it passes in
> hostkey_abstract, which seems sensible. abstract is passed in and points to
> a pointer to a privkey_file structure which is declared on the stack in
> userauth_publickey_fromfile, so freeing it looks wrong.

Right, only one of them can be right so the other has to be wrong!

> I've looked at, but the
> information on what's needed for the callback function isn't complete. Are
> there any other examples anywhere, or can someone point me in the right
> direction?

I think we should fix the code and add the missing description to the man

You up for it?

Received on 2013-10-20