Heap Corruption when calling ssh_path_expand_escape

["Althoff, Sven-Maurice" <Sven-Maurice.Althoff@xxxxxxxxx>]

Hello all,

I get a heap corruption exception, while initializing a connection. The exception get's thrown inside ssh_parse_config. My Code looks like this:


    m_session = ssh_new();

    if (m_session == NULL)

    {

        qCDebug(fileManagerView) << "Error initialize session";

        m_fh->connectionFailure(ip);

    }

    ssh_options_set(m_session, SSH_OPTIONS_HOST, ip.toStdString().c_str());

    ssh_options_set(m_session, SSH_OPTIONS_LOG_VERBOSITY, &m_verbosity);

    ssh_options_set(m_session, SSH_OPTIONS_PORT, &m_port);

//    ssh_options_parse_config(m_session, "C:/Users/adm-althoff/.ssh");

//    ssh_options_set(m_session, SSH_OPTIONS_SSH_DIR, "C:\\Users\\adm-althoff\\.ssh");



    // Connect to server

    if (ssh_connect(m_session) != SSH_OK)

Here is the part that throws the excpetion

/** @internal
* @brief expands a string in function of session options
* @param[in] s Format string to expand. Known parameters:
*              %d SSH configuration directory (~/.ssh)
*              %h target host name
*              %u local username
*              %l local hostname
*              %r remote username
*              %p remote port
* @returns Expanded string.
*/
char *ssh_path_expand_escape(ssh_session session, const char *s) {
    char host[NI_MAXHOST];
    char buf[MAX_BUF_SIZE];
    char *r, *x = NULL;
    const char *p;
    size_t i, l;

....

        i += strlen(x);
        if (i >= MAX_BUF_SIZE) {
            ssh_set_error(session, SSH_FATAL,
                    "String too long");
            free(x);
            free(r);
            return NULL;
        }
        l = strlen(buf);
        strncpy(buf + l, x, sizeof(buf) - l - 1);
        buf[i] = '\0';
        SAFE_FREE(x);    <== excpetion access violation error
    }

    free(r); <== excpetion access violation error, if I call ssh_parse_config
    return strdup(buf);
#undef MAX_BUF_SIZE
}

I use a compiled current stable-0.9 Version from the git repo. I don't have this issue with stable-0.8.

Freundliche Grüße / Best Regards

Sven-Maurice Althoff
Softwareentwickler
Digitalisierung und HMI

CHIRON-WERKE GmbH & Co. KG
Kreuzstraße 75, 78532 Tuttlingen
Tel:    +49 7461 940-3846
www.chiron.de

[CHIRONGroup_EMailBanner_PMP_RZ]<http://www.chiron-group.com/>



CHIRON-WERKE GmbH & Co. KG, Kreuzstr. 75, 78532 Tuttlingen, Amtsgericht Stuttgart HRA450798, Persönlich haftende Gesellschafterin: CHIRON-WERKE Beteiligungsgesellschaft mbH, Amtsgericht Stuttgart HRB450672, Geschäftsführer: Dr.-Ing./U. Cal. Markus Flik (Vorsitzender), Wolfgang Ehrk, Dr.-Ing. Claus Eppler, Vanessa Hellwing, Bernd Hilgarth, Dr.-Ing. Guido Spachtholz