pkg / sftp

SFTP support for the go.crypto/ssh package
BSD 2-Clause "Simplified" License

[bugfix] a nil-pointer safeguard has itself a nil-pointer deref #450

Closed puellanivis closed 3 years ago

puellanivis commented 3 years ago

Since the code is thus not fit for purpose, and we cannot just return an empty/nil slice, as the slices returned need to have an actual length to them to be properly used for reads; the code needs to just be removed.

Thinking about it while composing this PR description, a safeguard to ensure p.blen > 0 is a better choice. We will nil-pointer deref at that line if given a nil-pointer, but the panic message on the condition should serve a dual purpose of explaining why that nil-pointer deref can’t just be fixed with returning an empty slice.

Sure, “Don’t Panic” but this code should never panic, except under misuse within our own library, and should panic in the tests anyways, which should do the job of protecting code quality.
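
The failure mode and the guard discussed in this PR, as an added example that is not part of the PR or of the pkg/sftp code base. The `bufPool` type, the `brokenGet`, `panics` and `readInto` helpers and the panic text are hypothetical; only the `blen` field name comes from the description above.

```go
package main

import (
	"fmt"
	"strings"
)

// bufPool is a hypothetical fixed-length buffer source (assumed shape).
type bufPool struct{ blen int }

// brokenGet shows the flawed safeguard: the nil branch itself reads p.blen.
func (p *bufPool) brokenGet() []byte {
	if p == nil {
		return make([]byte, p.blen) // dereferences the nil p it just detected
	}
	return make([]byte, p.blen)
}

// Get guards the length instead. A nil p still panics on p.blen, and the
// message on the condition says why an empty slice is not a valid fallback.
func (p *bufPool) Get() []byte {
	if p.blen <= 0 {
		panic("bufPool: buffer length must be greater than zero; reads need a sized slice")
	}
	return make([]byte, p.blen)
}

// panics runs f and reports whether it panicked, and with what message.
func panics(f func()) (msg string, ok bool) {
	defer func() {
		if r := recover(); r != nil {
			msg, ok = fmt.Sprint(r), true
		}
	}()
	f()
	return "", false
}

// readInto reads constructed sample data into buf and returns the byte count.
// A zero-length buf yields 0 bytes and no error, so a read loop stalls.
func readInto(buf []byte) int {
	n, _ := strings.NewReader("constructed sample data").Read(buf)
	return n
}

func main() {
	var nilPool *bufPool
	fmt.Println(panics(func() { nilPool.brokenGet() }))
	fmt.Println(panics(func() { (&bufPool{}).Get() }))
	fmt.Println(readInto(nil), readInto((&bufPool{blen: 8}).Get()))
}
```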