On Thu, 8 Sep 2011, Yang Tse wrote:
I believe that no libssh2 version uses uninitialized dynamically allocated
memory to gather entropy nor any kind of randomness. Could you confirm this?
Yes, that's correct.
The only use of uninitialized memory that would occur for that reason within
libssh2 is when it uses OpenSSL, but that would not be done to memory that
libssh2 uses malloc() on so it would not use the callback libcurl sets. (And
I'm not even sure that OpenSSL situation occurs with the way libssh2 uses it.)
I spotted your change and got curious as to exactly what memory that is, but
if it is fixed in 1.3.0 I think I'll just drop it...
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
