From 64821979b1831465ceb067ecdcd9ae0f741d19a3 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Fri, 22 Oct 2004 16:50:51 +0000
Subject: [PATCH] Better bounds checking in the exit-signal handler. [originally from svn r4670]
---
 ssh.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/ssh.c b/ssh.c
index 174efe91..9661e2af 100644
--- a/ssh.c
+++ b/ssh.c
@@ -6418,9 +6418,10 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 #define CHECK_HYPOTHESIS(offset, result) \
 do { \
 long q = offset; \
- if (q+4 <= len) { \
+ if (q >= 0 && q+4 <= len) { \
 q = q + 4 + GET_32BIT(p+q); \
- if (q+4 <= len && (q = q + 4 + GET_32BIT(p+q)) && q == len) \
+ if (q >= 0 && q+4 <= len && \
+ (q = q + 4 + GET_32BIT(p+q)) && q == len) \
 result = TRUE; \
 } \
 } while(0)
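Review bot: The new `q >= 0` tests in CHECK_HYPOTHESIS run only after `q = q + 4 + GET_32BIT(p+q)` has been computed, so what they catch depends on how the peer-supplied 32-bit length converts to `long`. If GET_32BIT yields an unsigned 32-bit quantity (its definition is outside the hunk), then where `long` is 32 bits the sum can wrap to a small non-negative offset that passes both tests; the reads stay inside the buffer, but a layout whose string claims far more data than the packet holds could still be accepted as consistent. Comparing the length with the space left before adding it removes the reliance on wraparound: guard each of the two additions with `if (GET_32BIT(p+q) <= (unsigned long)(len - q - 4))`, which is safe to evaluate once `q >= 0 && q+4 <= len` holds. `p` and `len` are declared in the enclosing do_ssh2_authconn, outside the hunk, so their types are assumed here.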