From 2c3e423480a1ae1db88dd644b062d1cc615d911b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <mail@cynapses.org>
Date: Wed, 1 Apr 2009 19:59:17 +0000
Subject: Add memory error checking for packet functions.

git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@323 7dcaeef0-15fb-0310-b436-a5af3365683c
---
 libssh/packet.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/libssh/packet.c b/libssh/packet.c
index 6043e8d..b70887c 100644
--- a/libssh/packet.c
+++ b/libssh/packet.c
@@ -101,9 +101,14 @@ static int packet_read2(SSH_SESSION *session){
                 ret=ssh_socket_wait_for_data(session->socket,session,to_be_read);
                 if(ret!=SSH_OK){
                     leave_function();
-                	return ret;
+                    return ret;
+                }
+                packet = malloc(to_be_read);
+                if (packet == NULL) {
+                  ssh_set_error(session, SSH_FATAL, "No space left");
+                  leave_function();
+                  return SSH_ERROR;
                 }
-                packet=malloc(to_be_read);
                 ssh_socket_read(session->socket,packet,to_be_read-current_macsize);
                 ssh_log(session,SSH_LOG_PACKET,"Read a %d bytes packet",len);
                 buffer_add_data(session->in_buffer,packet,to_be_read-current_macsize);
@@ -207,7 +212,12 @@ static int packet_read1(SSH_SESSION *session){
             padding=8-(len % 8);
             to_be_read=len+padding;
             /* it is *not* possible that to_be_read be < 8. */
-            packet=malloc(to_be_read);
+            packet = malloc(to_be_read);
+            if (packet == NULL) {
+              ssh_set_error(session, SSH_FATAL,"No space left");
+              leave_function();
+              return SSH_ERROR;
+            }
             ret=ssh_socket_read(session->socket,packet,to_be_read);
             if(ret != SSH_OK){
             	free(packet);
-- 
cgit