File get-data-overflow.patch of Package libssh
--- libssh-0.2.orig/libssh/buffer.c 2006-12-29 10:03:59.000000000 -0500
+++ libssh-0.2/libssh/buffer.c 2009-09-21 12:59:57.000000000 -0400
@@ -199,8 +199,13 @@
}
int buffer_get_data(BUFFER *buffer, void *data, int len){
- if(buffer->pos+len>buffer->used)
- return 0; /*no enough data in buffer */
+ /*
+ * Check for a integer overflow first, then check if not enough data is in
+ * the buffer.
+ */
+ if (buffer->pos + len < len || buffer->pos + len > buffer->used) {
+ return 0;
+ }
memcpy(data,buffer->data+buffer->pos,len);
buffer->pos+=len;
return len; /* no yet support for partial reads (is it really needed ?? ) */