Subject: Re: LibSSH2 SFTP


From: Lars Nordin <>
Date: Wed, 09 Jun 2010 15:43:43 +0200

On 2010-06-09 11:08, Daniel Stenberg wrote:
> On Tue, 8 Jun 2010, Matt Slevinsky wrote:
>> I'm using libssh2-1.2.4 in an SFTP application with libcurl-7.20.0
>> and I've run into a situation with WS_FTP 7.5 secure server, where if
>> the account used to authenticate with the server is valid but
>> disabled (or if the server registration is invalid) the server
>> response will cause a null pointer condition in the sftp_open
>> function in sftp.c. It looks like the server response results in a
>> null LIBSSH2_FTP *sftp parameter in the function call. libcurl is the
>> one sending the null in this case, but it's libssh2 which isn't
>> gracefully handling a null value.
> I don't think libssh2 strictly needs to handle a NULL value where the
> documentation clearly says it is supposed to get a pointer.
I disagree. I think a well-written library should do sanity checks of
function calls to prevent core dumps due to bad calls. Checking for a
NULL pointer and returning an error (or an assert) makes it so much easier to
find the error in the calling function (even if it's in the documentation
to use a pointer...).

Received on 2010-06-09