Fix off-by-one in memory management of PPK reading routine, which could cause

1-byte buffer overflow when reading .PPK files with long lines (>=128 bytes
in header value -- probably only happened in practice in the comment field).

[originally from svn r5427]

diff --git a/sshpubk.c b/sshpubk.c
index 166afbcb97308d1d430512f0cbc5270155a61517..bdd1a22991212a3ec9e73b64f4685b61ce3fb01c 100644 (file)
--- a/sshpubk.c
+++ b/sshpubk.c
@@ -514,7 +514,7 @@ static char *read_body(FILE * fp)
            sfree(text);
            return NULL;
        }
-       if (len + 1 > size) {
+       if (len + 1 >= size) {
            size += 128;
            text = sresize(text, size, char);
        }