Fix a couple of code paths on which, if fxp_readdir returned an error,

[sgt/putty] / sshpubk.c

diff --git a/sshpubk.c b/sshpubk.c
index 76aa343..4db37c2 100644 (file)
--- a/sshpubk.c
+++ b/sshpubk.c
@@ -67,14 +67,15 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
     i += 4;
 
     /* Now the serious stuff. An ordinary SSH-1 public key. */
-    i += makekey(buf + i, len, key, NULL, 1);
-    if (i < 0)
+    j = makekey(buf + i, len, key, NULL, 1);
+    if (j < 0)
        goto end;                      /* overran */
+    i += j;
 
     /* Next, the comment field. */
     j = GET_32BIT(buf + i);
     i += 4;
-    if (len - i < j)
+    if (j < 0 || len - i < j)
        goto end;
     comment = snewn(j + 1, char);
     if (comment) {
@@ -257,8 +258,8 @@ int rsakey_pubblob(const Filename *filename, void **blob, int *bloblen,
            *blob = rsa_public_blob(&key, bloblen);
            freersakey(&key);
            ret = 1;
-           fp = NULL;
        }
+       fp = NULL; /* loadrsakey_main unconditionally closes fp */
     } else {
        error = "not an SSH-1 RSA file";
     }
@@ -679,7 +680,6 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
        cipher = 0;
        cipherblk = 1;
     } else {
-       sfree(encryption);
        goto error;
     }