From 3533e7e58a07358c7a8e972ccc35d20b69461981 Mon Sep 17 00:00:00 2001
From: Josef Karthauser <joe@FreeBSD.org>
Date: Fri, 26 Sep 2003 19:15:53 +0000
Subject: [PATCH] Additional corrections to OpenSSH buffer handling.

Obtained from:  openssh.org
Originally committed to head by: nectar
---
 crypto/openssh/channels.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c
index 1937b02446b..218744d1ab4 100644
--- a/crypto/openssh/channels.c
+++ b/crypto/openssh/channels.c
@@ -229,12 +229,13 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
 	if (found == -1) {
 		/* There are no free slots.  Take last+1 slot and expand the array.  */
 		found = channels_alloc;
-		channels_alloc += 10;
 		if (channels_alloc > 10000)
 			fatal("channel_new: internal error: channels_alloc %d "
 			    "too big.", channels_alloc);
+		channels = xrealloc(channels,
+		    (channels_alloc + 10) * sizeof(Channel *));
+		channels_alloc += 10;
 		debug2("channel: expanding %d", channels_alloc);
-		channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
 		for (i = found; i < channels_alloc; i++)
 			channels[i] = NULL;
 	}