Better bounds checking in the exit-signal handler.

author simon <simon@cda61777-01e9-0310-a592-d414129be87e>

Fri, 22 Oct 2004 16:50:51 +0000 (16:50 +0000)

committer simon <simon@cda61777-01e9-0310-a592-d414129be87e>

Fri, 22 Oct 2004 16:50:51 +0000 (16:50 +0000)
author simon <simon@cda61777-01e9-0310-a592-d414129be87e>
Fri, 22 Oct 2004 16:50:51 +0000 (16:50 +0000)
committer simon <simon@cda61777-01e9-0310-a592-d414129be87e>
Fri, 22 Oct 2004 16:50:51 +0000 (16:50 +0000)
diff --git a/ssh.c b/ssh.c

index 174efe9..9661e2a 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -6418,9 +6418,10 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
  #define CHECK_HYPOTHESIS(offset, result) \
      do { \
         long q = offset; \
-       if (q+4 <= len) { \
+       if (q >= 0 && q+4 <= len) { \
             q = q + 4 + GET_32BIT(p+q); \
-           if (q+4 <= len && (q = q + 4 + GET_32BIT(p+q)) && q == len) \
+           if (q >= 0 && q+4 <= len && \
+                   (q = q + 4 + GET_32BIT(p+q)) && q == len) \
                 result = TRUE; \
         } \
      } while(0)
author	simon <simon@cda61777-01e9-0310-a592-d414129be87e>
	Fri, 22 Oct 2004 16:50:51 +0000 (16:50 +0000)
committer	simon <simon@cda61777-01e9-0310-a592-d414129be87e>
	Fri, 22 Oct 2004 16:50:51 +0000 (16:50 +0000)