On Sat, Sep 20, 2014 at 3:07 PM, Maxime Villard <m...@m00nbsd.net> wrote: > Hi, > I put here a bug among others: > > Index: ssh-ed25519.c > =================================================================== > RCS file: /cvs/src/usr.bin/ssh/ssh-ed25519.c,v > retrieving revision 1.4 > diff -u -r1.4 ssh-ed25519.c > --- ssh-ed25519.c 24 Jun 2014 01:13:21 -0000 1.4 > +++ ssh-ed25519.c 29 Aug 2014 10:28:35 -0000 > @@ -125,8 +125,10 @@ > r = SSH_ERR_INVALID_FORMAT; > goto out; > } > - if (datalen >= SIZE_MAX - len) > - return SSH_ERR_INVALID_ARGUMENT; > + if (datalen >= SIZE_MAX - len) { > + r = SSH_ERR_INVALID_ARGUMENT; > + goto out; > + } > smlen = len + datalen; > mlen = smlen; > if ((sm = malloc(smlen)) == NULL || (m = xmalloc(mlen)) == NULL) { > > Found by my code scanner. > > Maxime >
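Review bot: The submission only says "a bug", so the commit log should state what the bare return in the datalen >= SIZE_MAX - len branch skipped, namely the cleanup at out that the SSH_ERR_INVALID_FORMAT path just above already goes through. Because this branch jumps to out before sm and m are assigned (as the check above it already does), confirm that every pointer released at out is initialised to NULL at declaration. In the unchanged context line, m comes from xmalloc while sm comes from malloc; if xmalloc does not return on failure, its == NULL test is dead code and that allocation bypasses the r / goto out convention, so allocating both with malloc would keep the error handling uniform.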
applied. thanks.