# HG changeset patch
# User Matt Johnston
# Date 1495294741 -28800
# Node ID 665dd8957a67c93c3fe5964b79710491769a3585
# Parent 6b89eb92f872928dfd158d4b10e861bedfe1a061
make buf_getstring fail prior to malloc if the buffer is short
diff -r 6b89eb92f872 -r 665dd8957a67 buffer.c
--- a/buffer.c Sat May 20 22:47:19 2017 +0800
+++ b/buffer.c Sat May 20 23:39:01 2017 +0800
@@ -209,6 +209,7 @@
 unsigned int len;
 char* ret;
+ void* src = NULL;
 len = buf_getint(buf);
 if (len > MAX_STRING_LEN) {
 dropbear_exit("String too long");
@@ -217,8 +218,9 @@
 if (retlen != NULL) {
 *retlen = len;
 }
+ src = buf_getptr(buf, len);
 ret = m_malloc(len+1);
- memcpy(ret, buf_getptr(buf, len), len);
+ memcpy(ret, src, len);
 buf_incrpos(buf, len);
 ret[len] = '\0';
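Review bot: The statement order in the second hunk is load-bearing but undocumented: `src = buf_getptr(buf, len);` has to stay ahead of `ret = m_malloc(len+1);` so that a `len` read from the buffer that exceeds the remaining data is rejected before any allocation of that size. Nothing in the code says so, and a later tidy-up could fold the call back into `memcpy` and silently restore the old order. I would add a comment above the assignment, e.g. `/* bounds-check first: buf_getptr() fails on a short buffer, so an oversized len never reaches m_malloc() */`. That buf_getptr() fails on a short buffer is taken from the commit title, not from visible code, and the function's start and end lie outside both hunks.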