Subject: [libssh2] #175: sprintf of a null pointer causes a core dump

From: libssh2 Trac <trac_at_libssh2.stuge.se>
Date: Tue, 15 Jun 2010 13:49:15 -0000

#175: sprintf of a null pointer causes a core dump
------------------------------+---------------------------------------------
 Reporter: john@… | Owner:
     Type: defect | Status: new
 Priority: normal | Milestone: 1.2.6
Component: API | Version: 1.2.6
 Keywords: | Blocks:
Blocked By: |
------------------------------+---------------------------------------------
 After downloading the latest (10 June 2010) tarball.

 I have compiled libssh2, with debug enabled, using Sun Studio 12 on
 Solaris 10 x86 (64 bit mode), using the following configure parameters
 ./configure --enable-debug --prefix=/usr/local/libssh2-1.2.6/ --with-libssl-prefix=/usr/local/openssl-0/amd64-pc-solaris2.10 CFLAGS=-m64

 When I run my test program it crashes in the _libssh2_debug function. This
 is because it is trying to print the variable "message" using the format
 string "%s", unfortunately "message" is a NULL pointer and causes a crash.

 I suggest the following fix (this is the diff output from my fixed
 channel.c file)

 1216c1216
 < (message == NULL) ? "<null>" : message);
 ---
> message);
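
Review bot: The hunk at 1216c1216 runs in the reverse direction: the "<" side carries the (message == NULL) ? "<null>" : message guard and the ">" side the bare message, so applying it as posted would remove the check rather than add it. Please regenerate it from the original channel.c to the fixed one, ideally as a unified diff that names the file. The guard also spells the placeholder "<null>" while the NULL_STR macro quoted just below uses "(null)"; pick one spelling, and using the macro at this call site would keep the guard consistent wherever else a possibly-NULL string is passed to "%s".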

 I usually use the following in all my code to protect against this
 #define NULL_STR(x) (((x) == NULL) ? "(null)" : (x))

-- 
Ticket URL: <http://libssh2.stuge.se/ticket/175>
libssh2 <http://libssh2.stuge.se/>
C library for writing portable SSH2 clients
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-06-15
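
The guard proposed in the ticket, shown as an added example (not code from the report or from libssh2). It goes one step beyond the one-line fix: a hypothetical formatter, debug_format, that supports only %s, %d and %% and applies the NULL_STR guard centrally, so a NULL "message" cannot reach the C library's "%s" handling, where passing NULL is undefined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Guard macro in the style quoted in the report. */
#define NULL_STR(x) (((x) == NULL) ? "(null)" : (x))

/* Append src to buf (capacity cap, used *len), truncating if needed. */
static void append(char *buf, size_t cap, size_t *len, const char *src)
{
    size_t n = strlen(src);
    if (*len + n >= cap) n = cap - 1 - *len;
    memcpy(buf + *len, src, n);
    *len += n;
    buf[*len] = '\0';
}

/* Hypothetical debug formatter (not libssh2's): supports only %s, %d
 * and %%, and guards every %s argument in one place. */
size_t debug_format(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    size_t len = 0;
    char tmp[32];

    if (cap == 0) return 0;
    buf[0] = '\0';
    va_start(ap, fmt);
    for (; *fmt; fmt++) {
        tmp[0] = *fmt; tmp[1] = '\0';
        if (*fmt != '%') {
            append(buf, cap, &len, tmp);           /* literal character */
        } else if (*++fmt == 's') {
            const char *s = va_arg(ap, const char *);
            append(buf, cap, &len, NULL_STR(s));   /* NULL becomes "(null)" */
        } else if (*fmt == 'd') {
            snprintf(tmp, sizeof tmp, "%d", va_arg(ap, int));
            append(buf, cap, &len, tmp);
        } else if (*fmt == '%') {
            append(buf, cap, &len, "%");
        } else if (*fmt == '\0') {
            break;                                 /* lone trailing '%' */
        }
    }
    va_end(ap);
    return len;
}
```

Conversions other than the three listed are dropped without consuming an argument, so callers must keep to %s, %d and %%.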