Fix off-by-one in memory management of PPK reading routine, which could cause

1-byte buffer overflow when reading .PPK files with long lines (>=128 bytes
in header value -- probably only happened in practice in the comment field).

git-svn-id: svn://svn.tartarus.org/sgt/putty@5427 cda61777-01e9-0310-a592-d414129be87e

diff --git a/sshpubk.c b/sshpubk.c
index 166afbc..bdd1a22 100644 (file)
--- a/sshpubk.c
+++ b/sshpubk.c
@@ -514,7 +514,7 @@ static char *read_body(FILE * fp)
            sfree(text);
            return NULL;
        }
-       if (len + 1 > size) {
+       if (len + 1 >= size) {
            size += 128;
            text = sresize(text, size, char);
        }