Subject: Re: LibSSH2 SFTP


From: Daniel Stenberg <>
Date: Wed, 9 Jun 2010 11:08:15 +0200 (CEST)

On Tue, 8 Jun 2010, Matt Slevinsky wrote:

> I'm using libssh2-1.2.4 in an SFTP application with libcurl-7.20.0 and I've
> run into a situation with WS_FTP 7.5 secure server, where if the account
> used to authenticate with the server is valid but disabled (or if the server
> registration is invalid) the server response will cause a null pointer
> condition in the sftp_open function in sftp.c. It looks like the server
> response results in a null LIBSSH2_FTP *sftp parameter in the function call.
> libcurl is the one sending the null in this case, but its libssh2 which
> isn't gracefully handling a null value.

I don't think libssh2 strictly needs to handle a NULL value where the
documentation clearly says it is supposed to get a pointer.

If this is truly what happens, then I would claim libcurl is the primary
target for the blame. It should bail out already when libssh2 returned the
NULL in the first place. We in the libcurl camp would be interested to see
this fixed if you can figure out why/where this happens. (Then take this issue
further on the curl-library list instead.)

Received on 2010-06-09