
Problem in ssh_set_error()


Hello,

I've found a design problem in ssh_set_error().

It accepts a void *error (usually an ssh_session but can be an ssh_bind
sometimes) and calls ssh_log(error,...).

ssh_log() accepts a session and calls a user callback to log, but this
callback is stored in a session, so when there is a bind error, it segfaults.

Better put with a bit of code:
/* src/bind.c */
static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
    int port) {
    ...
    if (rc != 0) {
        ssh_set_error(sshbind,
                      SSH_FATAL,
                      "Resolving %s: %s", hostname, gai_strerror(rc));
        return -1;
    }

/* src/error.c */
void ssh_set_error(void *error, int code, const char *descr, ...) {
    ...
    /* error may be an ssh_bind here, but it is passed on as a session */
    ssh_log(error,SSH_LOG_RARE,"Error : %s",err->error_buffer);
}

/* src/log.c */
void ssh_log(ssh_session session, int verbosity, const char *format, ...) {
    ...
    /* SEGFAULT here: session actually points to an ssh_bind */
    if (session->callbacks && session->callbacks->log_function) {


Do you have an idea of how to fix this?

I see mainly two solutions:

1. add an identifier (magic bytes) at the beginning of both ssh_session and
ssh_bind structures, add a switch(magic) in ssh_log() and add a log callback
into ssh_bind_struct (I would like to use my own log function).

2. duplicate ssh_set_error (ssh_set_bind_error ?), duplicate the log
function (ssh_log_bind) and add a log callback in ssh_bind_struct.

Open for discussion.

Regards,
Milo
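
Option 1 above (a magic tag at the start of both structures, with a switch in the log function), sketched as an added example that is not part of the original message or of libssh's code. The demo_* names, struct layouts and tag values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define DEMO_MAGIC_SESSION 0x53455353u /* "SESS", constructed value */
#define DEMO_MAGIC_BIND    0x42494e44u /* "BIND", constructed value */

typedef void (*demo_log_cb)(const char *msg, void *userdata);

/* The tag must be the first member so it can be read through a void *. */
struct demo_session { uint32_t magic; demo_log_cb log_fn; void *userdata; int fd; };
struct demo_bind    { uint32_t magic; demo_log_cb log_fn; void *userdata; int port; };

/* Returns 1 if a session callback ran, 2 if a bind callback ran, 0 if no
 * callback is set (message goes to stderr), -1 for NULL or an unknown tag. */
int demo_log(void *obj, const char *msg) {
    if (obj == NULL) return -1;
    switch (*(uint32_t *)obj) {
    case DEMO_MAGIC_SESSION: {
        struct demo_session *s = obj;
        if (s->log_fn == NULL) break;
        s->log_fn(msg, s->userdata);
        return 1;
    }
    case DEMO_MAGIC_BIND: {
        struct demo_bind *b = obj;
        if (b->log_fn == NULL) break;
        b->log_fn(msg, b->userdata);
        return 2;
    }
    default:
        return -1; /* not one of our objects: do not dereference further */
    }
    fprintf(stderr, "%s\n", msg);
    return 0;
}

/* Sample callback: copies the message into a caller-supplied 64-byte buffer. */
void demo_capture(const char *msg, void *userdata) {
    snprintf((char *)userdata, 64, "%s", msg);
}

int main(void) {
    char buf[64] = "";
    struct demo_bind b = { DEMO_MAGIC_BIND, demo_capture, buf, 22 };
    int rc = demo_log(&b, "Resolving host: failed");
    printf("rc=%d captured=\"%s\"\n", rc, buf);
    return 0;
}
```

The tag only distinguishes objects that were initialised by the library; it does not validate arbitrary pointers, so every constructor has to set it before the object can reach the error path.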
