From 091368d220681f5c84db216f63f27dc11245a9c9 Mon Sep 17 00:00:00 2001
From: Mariusz Mazur <mmazur@pld-linux.org>
Date: Tue, 16 Sep 2003 14:28:14 +0000
Subject: [PATCH] - newest buffer overflow fix

Changed files:
    openssh-buffer_c_overflow.patch -> 1.1
---
 openssh-buffer_c_overflow.patch | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 openssh-buffer_c_overflow.patch

diff --git a/openssh-buffer_c_overflow.patch b/openssh-buffer_c_overflow.patch
new file mode 100644
index 0000000..46213d9
--- /dev/null
+++ b/openssh-buffer_c_overflow.patch
@@ -0,0 +1,24 @@
+--- buffer.c~	Tue Sep 16 16:18:17 2003
++++ buffer.c	Tue Sep 16 16:26:59 2003
+@@ -69,6 +69,7 @@
+ void *
+ buffer_append_space(Buffer *buffer, u_int len)
+ {
++	u_int newlen;
+ 	void *p;
+ 
+ 	/* If the buffer is empty, start using it from the beginning. */
+@@ -95,8 +96,11 @@
+ 		goto restart;
+ 	}
+ 	/* Increase the size of the buffer and retry. */
+-	buffer->alloc += len + 32768;
+-	buffer->buf = xrealloc(buffer->buf, buffer->alloc);
++	newlen = buffer->alloc + len + 32768;
++	if (newlen > 0xa00000)
++		fatal("buffer_append_space: alloc %u not supported", newlen);
++	buffer->buf = xrealloc(buffer->buf, newlen);
++	buffer->alloc = newlen;
+ 	goto restart;
+ 	/* NOTREACHED */
+ }
-- 
2.43.0