File 0003-CVE-2012-4562-Fix-a-possible-infinite-loop-in-buffer.patch of Package libssh.openSUSE_12.1_Update
From 66c524db6fd3063e806d14239a98048a4c63337a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 12 Oct 2012 11:35:20 +0200
Subject: [PATCH 03/11] CVE-2012-4562: Fix a possible infinite loop in
buffer_reinit().
If needed is bigger than the highest power of two which fits in an
integer, we will loop forever.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit fd09523c19be8dcdf7f83387d1f2f80f1bb0730d)
---
src/buffer.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/buffer.c b/src/buffer.c
index 9e93a4a..79f81f5 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -110,13 +110,18 @@ void ssh_buffer_free(struct ssh_buffer_struct *buffer) {
SAFE_FREE(buffer);
}
-static int realloc_buffer(struct ssh_buffer_struct *buffer, int needed) {
- int smallest = 1;
- char *new = NULL;
+static int realloc_buffer(struct ssh_buffer_struct *buffer, size_t needed) {
+ size_t smallest = 1;
+ char *new;
+
buffer_verify(buffer);
+
/* Find the smallest power of two which is greater or equal to needed */
while(smallest <= needed) {
- smallest <<= 1;
+ if (smallest == 0) {
+ return -1;
+ }
+ smallest <<= 1;
}
needed = smallest;
new = realloc(buffer->data, needed);
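Review bot: The zero check inside the `while` loop of realloc_buffer() stops the endless loop, but it only fires once `smallest` has wrapped at the full width of `size_t`, so every smaller `needed` is still rounded up and passed to `realloc` with no ceiling. If `needed` can be derived from lengths supplied by the peer (the callers are outside this hunk), consider rejecting oversized requests before the loop, e.g. `if (needed > MAX_BUF_SIZE) return -1;`, where `MAX_BUF_SIZE` is a placeholder for a limit the project would define. The function body continues past the hunk, so it is also worth confirming that whatever field stores `needed` after the `realloc` is as wide as `size_t`; a narrower field would truncate the rounded-up value. The comment above the loop says "greater or equal", but `smallest <= needed` yields a strictly greater power of two, so `/* Find the smallest power of two strictly greater than needed */` would match the code.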
--
1.7.10.4