From d77148e3a3ef6c29b26ec74331455394581aa257 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sun, 8 Nov 2015 21:59:11 +0000
Subject: upstream commit

fix OOB read in packet code caused by missing return
 statement found by Ben Hawkes; ok markus@ deraadt@

Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
---
 packet.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packet.c b/packet.c
index 01d3e2970..7b5c419eb 100644
--- a/packet.c
+++ b/packet.c
@@ -1581,6 +1581,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 			logit("Bad packet length %u.", state->packlen);
 			if ((r = sshpkt_disconnect(ssh, "Packet corrupt")) != 0)
 				return r;
+			return SSH_ERR_CONN_CORRUPT;
 		}
 		sshbuf_reset(state->incoming_packet);
 	} else if (state->packlen == 0) {
-- 
cgit v1.2.3