I believe this patch fixes potential security hole in openssh up to 3.6p1

						-JiKos

--- buffer.c.orig	Wed Jun 26 11:14:27 2002
+++ buffer.c	Tue Sep 16 16:54:56 2003
@@ -70,6 +70,7 @@
 buffer_append_space(Buffer *buffer, u_int len)
 {
 	void *p;
+	u_int new_size;
 
 	if (len > 0x100000)
 		fatal("buffer_append_space: len %u not supported", len);
@@ -98,11 +99,12 @@
 		goto restart;
 	}
 	/* Increase the size of the buffer and retry. */
-	buffer->alloc += len + 32768;
-	if (buffer->alloc > 0xa00000)
+	new_size = buffer->alloc + len + 32768;
+	if (new_size > 0xa00000)
 		fatal("buffer_append_space: alloc %u not supported",
-		    buffer->alloc);
-	buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+		    new_size);
+	buffer->buf = xrealloc(buffer->buf, new_size);
+	buffer->alloc = new_size;
 	goto restart;
 	/* NOTREACHED */
 }