]> asedeno.scripts.mit.edu Git - PuTTY.git/commitdiff
Fix off-by-one in memory management of PPK reading routine, which could cause
authorJacob Nevins <jacobn@chiark.greenend.org.uk>
Tue, 1 Mar 2005 23:48:45 +0000 (23:48 +0000)
committerJacob Nevins <jacobn@chiark.greenend.org.uk>
Tue, 1 Mar 2005 23:48:45 +0000 (23:48 +0000)
1-byte buffer overflow when reading .PPK files with long lines (>=128 bytes
in header value -- probably only happened in practice in the comment field).

[originally from svn r5427]

sshpubk.c

index 166afbcb97308d1d430512f0cbc5270155a61517..bdd1a22991212a3ec9e73b64f4685b61ce3fb01c 100644 (file)
--- a/sshpubk.c
+++ b/sshpubk.c
@@ -514,7 +514,7 @@ static char *read_body(FILE * fp)
            sfree(text);
            return NULL;
        }
-       if (len + 1 > size) {
+       if (len + 1 >= size) {
            size += 128;
            text = sresize(text, size, char);
        }