i += 4;
/* Now the serious stuff. An ordinary SSH-1 public key. */
- i += makekey(buf + i, len, key, NULL, 1);
- if (i < 0)
+ j = makekey(buf + i, len, key, NULL, 1);
+ if (j < 0)
goto end; /* overran */
+ i += j;
/* Next, the comment field. */
j = GET_32BIT(buf + i);
i += 4;
- if (len - i < j)
+ if (j < 0 || len - i < j)
goto end;
comment = snewn(j + 1, char);
if (comment) {
*blob = rsa_public_blob(&key, bloblen);
freersakey(&key);
ret = 1;
- fp = NULL;
}
+ fp = NULL; /* loadrsakey_main unconditionally closes fp */
} else {
error = "not an SSH-1 RSA file";
}
cipher = 0;
cipherblk = 1;
} else {
- sfree(encryption);
goto error;
}