From 8cd211c5614d04163ef750283efd53dd2f129e68 Mon Sep 17 00:00:00 2001
From: nectar <nectar@FreeBSD.org>
Date: Tue, 16 Sep 2003 06:11:58 +0000
Subject: Do not record expanded size before attempting to reallocate
 associated memory.

Obtained from:	OpenBSD
---
 crypto/openssh/buffer.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'crypto')

diff --git a/crypto/openssh/buffer.c b/crypto/openssh/buffer.c
index ad04b26..8ff8c2f 100644
--- a/crypto/openssh/buffer.c
+++ b/crypto/openssh/buffer.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.17 2003/09/16 03:03:47 deraadt Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -69,6 +69,7 @@ buffer_append(Buffer *buffer, const void *data, u_int len)
 void *
 buffer_append_space(Buffer *buffer, u_int len)
 {
+	u_int newlen;
 	void *p;
 
 	if (len > 0x100000)
@@ -98,11 +99,13 @@ restart:
 		goto restart;
 	}
 	/* Increase the size of the buffer and retry. */
-	buffer->alloc += len + 32768;
-	if (buffer->alloc > 0xa00000)
+	
+	newlen = buffer->alloc + len + 32768;
+	if (newlen > 0xa00000)
 		fatal("buffer_append_space: alloc %u not supported",
-		    buffer->alloc);
-	buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+		    newlen);
+	buffer->buf = xrealloc(buffer->buf, newlen);
+	buffer->alloc = newlen;
 	goto restart;
 	/* NOTREACHED */
 }
-- 
cgit v1.1