From: simon <simon@cda61777-01e9-0310-a592-d414129be87e>
Date: Fri, 22 Oct 2004 16:50:51 +0000 (+0000)
Subject: Better bounds checking in the exit-signal handler.
X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/commitdiff_plain/4ec461e25fb99dd86224485c4f279384dde0ce6b

Better bounds checking in the exit-signal handler.


git-svn-id: svn://svn.tartarus.org/sgt/putty@4670 cda61777-01e9-0310-a592-d414129be87e
---

diff --git a/ssh.c b/ssh.c
index 174efe91..9661e2af 100644
--- a/ssh.c
+++ b/ssh.c
@@ -6418,9 +6418,10 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 #define CHECK_HYPOTHESIS(offset, result) \
     do { \
 	long q = offset; \
-	if (q+4 <= len) { \
+	if (q >= 0 && q+4 <= len) { \
 	    q = q + 4 + GET_32BIT(p+q); \
-	    if (q+4 <= len && (q = q + 4 + GET_32BIT(p+q)) && q == len) \
+	    if (q >= 0 && q+4 <= len && \
+		    (q = q + 4 + GET_32BIT(p+q)) && q == len) \
 		result = TRUE; \
 	} \
     } while(0)