Subject: [libssh2] #290: segfault in diffie_hellman_sha1

[libssh2] #290: segfault in diffie_hellman_sha1

From: libssh2 Trac <>
Date: Wed, 03 Dec 2014 19:18:10 -0000

#290: segfault in diffie_hellman_sha1
 Reporter: mstrsn | Owner:
     Type: defect | Status: new
 Priority: normal | Milestone: 1.4.3
Component: crypto | Version: 1.4.2
 Keywords: | Blocked By:
   Blocks: |
 If an application happens to call the OpenSSL routine EVP_cleanup, then
 libssh2 will generate a segfault at the call to libssh2_sh1_update at line
 249 in kex.c. Of course, the application should not call EVP_cleanup
 prematurely, but to avoid crashes in your library, I suggest you guard
 against this possibility in a manner similar to your guard around the call
 to libssh2_md5_update at line 222 in kex.c.

Ticket URL: <>
libssh2 <>
C library for writing portable SSH2 clients
Received on 2014-12-03