X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=sshpubk.c;h=ac9e0fa7e11e20bbbe1293aa2fa45dc12279b070;hb=1472aa2a265dfbfe7225729862ea21b5fb2da22f;hp=bd3c5e47c4cc66b5661844155e9e35acffa392ce;hpb=bbc9709b48515954f2f3eb631d1a6bea960bda18;p=PuTTY.git

diff --git a/sshpubk.c b/sshpubk.c
index bd3c5e47..ac9e0fa7 100644
--- a/sshpubk.c
+++ b/sshpubk.c
@@ -67,14 +67,15 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
     i += 4;
 
     /* Now the serious stuff. An ordinary SSH-1 public key. */
-    i += makekey(buf + i, len, key, NULL, 1);
-    if (i < 0)
+    j = makekey(buf + i, len, key, NULL, 1);
+    if (j < 0)
 	goto end;		       /* overran */
+    i += j;
 
     /* Next, the comment field. */
-    j = GET_32BIT(buf + i);
+    j = toint(GET_32BIT(buf + i));
     i += 4;
-    if (len - i < j)
+    if (j < 0 || len - i < j)
 	goto end;
     comment = snewn(j + 1, char);
     if (comment) {
@@ -462,7 +463,7 @@ static int read_header(FILE * fp, char *header)
     int len = 39;
     int c;
 
-    while (len > 0) {
+    while (1) {
 	c = fgetc(fp);
 	if (c == '\n' || c == '\r' || c == EOF)
 	    return 0;		       /* failure */
@@ -1007,6 +1008,8 @@ int ssh2_userkey_encrypted(const Filename *filename, char **commentptr)
 
     if (commentptr)
 	*commentptr = comment;
+    else
+        sfree(comment);
 
     fclose(fp);
     if (!strcmp(b, "aes256-cbc"))