Subject: LibSSH2 SFTP


From: Matt Slevinsky <>
Date: Tue, 8 Jun 2010 15:14:55 -0700


I'm using libssh2-1.2.4 in an SFTP application with libcurl-7.20.0 and I've run into a situation with WS_FTP 7.5 secure server, where if the account used to authenticate with the server is valid but disabled (or if the server registration is invalid) the server response will cause a null pointer condition in the sftp_open function in sftp.c. It looks like the server response results in a null LIBSSH2_FTP *sftp parameter in the function call. libcurl is the one sending the null in this case, but its libssh2 which isn't gracefully handling a null value.


Received on 2010-06-09