The loaded known hosts shouldn't be tied to a session
UnitedMarsupials opened this issue · comments
Describe the bug
It does not make a difference for when a program only has a single SSH2_SESSION. Mine, however, opens and closes many -- and loading the known hosts database for each one becomes expensive.
The obvious way is to have it loaded once -- but then that one session can not be freed, requiring one to keep a reference to it.
I ended up dedicating a session to just that -- the known-hosts database -- without any socket, but that's quite an overhead of its own, given the size of the struct _LIBSSH2_SESSION
with all the buffers in it...
Why does libssh2_knownhost_init
need a session-argument at all? Is it just so that the session-specific malloc/free are used to manipulate the memory?
To Reproduce
Try using the result of an earlier call libssh2_knownhost_init(session)
after the libssh2_session_free(session)
-- valgrind (or Purify) will flag it as "access after free".
Expected behavior
The known hosts database is local and independent of any session/connection. The API should reflect that.
Version (please complete the following information):
- OS and version: FreeBSD-13, RHEL7
- libssh2 version: 1.10.0, 1.8.0 respectively
- crypto backend and version: OpenSSL