X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;ds=sidebyside;f=sshpubk.c;h=72aaaa97a5384aaccdea5dc4af922005987a24b4;hb=896bb7c74d06200d92f846d666224e3f9c80b634;hp=76aa343619b9038659de9a9cef2bc22ba55a8761;hpb=40ce043a97c71374d2118ed636a36b16a148d411;p=PuTTY.git

diff --git a/sshpubk.c b/sshpubk.c
index 76aa3436..72aaaa97 100644
--- a/sshpubk.c
+++ b/sshpubk.c
@@ -67,14 +67,15 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
     i += 4;
 
     /* Now the serious stuff. An ordinary SSH-1 public key. */
-    i += makekey(buf + i, len, key, NULL, 1);
-    if (i < 0)
+    j = makekey(buf + i, len, key, NULL, 1);
+    if (j < 0)
 	goto end;		       /* overran */
+    i += j;
 
     /* Next, the comment field. */
-    j = GET_32BIT(buf + i);
+    j = toint(GET_32BIT(buf + i));
     i += 4;
-    if (len - i < j)
+    if (j < 0 || len - i < j)
 	goto end;
     comment = snewn(j + 1, char);
     if (comment) {
@@ -257,8 +258,8 @@ int rsakey_pubblob(const Filename *filename, void **blob, int *bloblen,
 	    *blob = rsa_public_blob(&key, bloblen);
 	    freersakey(&key);
 	    ret = 1;
-	    fp = NULL;
 	}
+	fp = NULL; /* loadrsakey_main unconditionally closes fp */
     } else {
 	error = "not an SSH-1 RSA file";
     }
@@ -679,7 +680,6 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
 	cipher = 0;
 	cipherblk = 1;
     } else {
-	sfree(encryption);
 	goto error;
     }