Better bounds checking in the exit-signal handler.

author Simon Tatham <anakin@pobox.com>

Fri, 22 Oct 2004 16:50:51 +0000 (16:50 +0000)

committer Simon Tatham <anakin@pobox.com>

Fri, 22 Oct 2004 16:50:51 +0000 (16:50 +0000)
author Simon Tatham <anakin@pobox.com>
Fri, 22 Oct 2004 16:50:51 +0000 (16:50 +0000)
committer Simon Tatham <anakin@pobox.com>
Fri, 22 Oct 2004 16:50:51 +0000 (16:50 +0000)
diff --git a/ssh.c b/ssh.c

index 174efe91b0b3b53a47efff3d073bd20f498ca914..9661e2afabff8033808cbf72b122aa6654ae96ef 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -6418,9 +6418,10 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
  #define CHECK_HYPOTHESIS(offset, result) \
      do { \
         long q = offset; \
-       if (q+4 <= len) { \
+       if (q >= 0 && q+4 <= len) { \
             q = q + 4 + GET_32BIT(p+q); \
-           if (q+4 <= len && (q = q + 4 + GET_32BIT(p+q)) && q == len) \
+           if (q >= 0 && q+4 <= len && \
+                   (q = q + 4 + GET_32BIT(p+q)) && q == len) \
                 result = TRUE; \
         } \
      } while(0)
author	Simon Tatham <anakin@pobox.com>
	Fri, 22 Oct 2004 16:50:51 +0000 (16:50 +0000)
committer	Simon Tatham <anakin@pobox.com>
	Fri, 22 Oct 2004 16:50:51 +0000 (16:50 +0000)