curl-library

Re: scp maxing the CPU

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 10 Nov 2006 11:58:01 +0100 (CET)

On Fri, 10 Nov 2006, Daniel Stenberg wrote:

> With an ordinary apache http server running on port 80,
> libssh2_session_startup() gets stuck and initially it spent a lot of CPU but
> primarily it ate some 800MB of ram before I could break it... (and I believe
> it will eat even more if I allow it to).

I found and fixed the problem I got (in libssh2), and I just posted this patch
on the libssh2 mailing list. Since that is a rather stale project (and since
their mailing list archive is hosted on sourceforge that seems to get updated
very infrequently), I'll post it here too for reference:

--- packet.c~ 2006-06-22 20:31:55.000000000 +0200
+++ packet.c 2006-11-10 11:42:46.000000000 +0100
@@ -886,6 +886,19 @@
                          return -1;
                  }
                  packet_length = libssh2_ntohu32(buf);
+
+ /* RFC4253 section 6.1 Maximum Packet Length says:
+
+ "All implementations MUST be able to process packets with
+ uncompressed payload length of 32768 bytes or less and
+ total packet size of 35000 bytes or less (including length,
+ padding length, payload, padding, and MAC.)."
+
+ */
+ if(packet_length > 35000) {
+ return -1;
+ }
+
                  padding_length = buf[4];
  #ifdef LIBSSH2_DEBUG_TRANSPORT
          _libssh2_debug(session, LIBSSH2_DBG_TRANS, "Processing plaintext
packet %lu bytes long (with %lu bytes padding)", packet_length,
padding_length);
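
Review bot: The `if(packet_length > 35000)` check uses the RFC's figure as a hard ceiling, but the sentence quoted in the comment above it is a minimum that implementations MUST be able to process, not a maximum, so the comment should say that 35000 is this implementation's own cap. The quoted figure is also the total packet size including the length field and MAC, while `packet_length` is the value decoded from the length field by `libssh2_ntohu32(buf)`, so the comparison is slightly looser than the bound the comment describes. Suggest a named constant in place of the literal, and a debug or error message before `return -1`, since the `_libssh2_debug` call sits after the check and an oversized length is rejected silently with the same return value as the earlier error path. A lower bound belongs in the same place: nothing visible in this hunk rejects a `packet_length` of 0 before `padding_length = buf[4]` is read.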

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2006-11-10