Subject: Re: [libssh2] All Your Mem Belongs to Us

From: James Housley <>
Date: Fri, 10 Nov 2006 08:49:20 -0500

On Nov 10, 2006, at 8:41 AM, Daniel Stenberg wrote:

> On Fri, 10 Nov 2006, Satish Mittal wrote:
>> if (ret == 0) continue;
>>
>> Where ret is the return status of recv() being called above. Now if recv()
>> returns 0, this means that no messages are available to be received and the
>> peer has performed an orderly shutdown. Whereas here we just continue in the
>> while loop!
>>
>> Won't this lead to an infinite hang as the remote server has already closed
>> the connection? Perhaps we may want to treat (ret=0) also as a failure case
>> and return -1 from blocking_read.
>
> Yes indeed, getting a 0 back from recv() with the socket set to blocking
> really can't be good in this sense, so I would expect it to at least deal with
> it somehow and not just loop.
>
> ... and searching through src/packet.c we can spot the same "solution" in
> multiple places - but then mostly when treating the return code from
> libssh2_packet_read(). I don't see how they are correct either, but perhaps
> I'm not getting the whole picture yet.

I don't have the full picture either, but your last patch for the
packet length has been committed.


Now let's stop this thread and create a new one for the next group of
patches. Keeping it in this thread will be confusing.


/"\   ASCII Ribbon Campaign  .
\ / - NO HTML/RTF in e-mail  .
  X  - NO Word docs in e-mail .
/ \ -----------------------------------------------------------------     The Power to Serve
"Eagles may soar, but weasels don't get sucked into jet engines"
     -- Anon
Received on 2006-11-10
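
The recv() == 0 case discussed in this thread, as an added example that is not part of the original messages and is not libssh2 code: a blocking read loop that treats an orderly shutdown as a failure instead of looping, exercised over a local socketpair(). The names read_exact and peer_closes_after and the sample bytes are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper, not libssh2's blocking_read(): read exactly `count`
 * bytes from a blocking socket; -1 on error or early peer shutdown. */
static ssize_t read_exact(int fd, unsigned char *buf, size_t count)
{
    size_t got = 0;
    while (got < count) {
        ssize_t ret = recv(fd, buf + got, count - got, 0);
        if (ret > 0)
            got += (size_t)ret;
        else if (ret == 0)
            return -1;  /* orderly shutdown: `continue` here would spin forever */
        else if (errno != EINTR)
            return -1;  /* real socket error; EINTR alone is retried */
    }
    return (ssize_t)got;
}

/* Constructed scenario: the peer sends `sent` bytes, then closes, while the
 * reader expects `want` bytes. Returns read_exact()'s result, -2 on setup failure. */
static ssize_t peer_closes_after(size_t sent, size_t want)
{
    static const unsigned char data[64] = "constructed sample bytes";
    unsigned char buf[64];
    int sv[2];
    ssize_t r, s;
    if (sent > sizeof(data) || want > sizeof(buf) ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -2;
    s = send(sv[1], data, sent, 0);
    close(sv[1]);       /* peer performs an orderly shutdown */
    r = (s == (ssize_t)sent) ? read_exact(sv[0], buf, want) : -2;
    close(sv[0]);
    return r;
}

int main(void)
{
    printf("short stream: %ld\n", (long)peer_closes_after(3, 8));
    printf("full stream:  %ld\n", (long)peer_closes_after(8, 8));
    return 0;
}
```

With `continue` in place of the `ret == 0` branch, the short-stream call would never return, because every later recv() on the closed connection also returns 0 immediately.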