From 6ae097069ad8e4658f14870c4d23409b88139810 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Tue, 10 Dec 2019 18:09:51 +0800
Subject: [PATCH] backport-fixes-the-oss-fuzz-bug
---
 src/buffer.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/src/buffer.c b/src/buffer.c
index da6e587..08529ee 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -1112,6 +1112,7 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
 goto cleanup;
 }
+ rc = SSH_ERROR;
 switch (*p) {
 case 'b':
 o.byte = va_arg(ap, uint8_t *);
@@ -1121,20 +1122,26 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
 case 'w':
 o.word = va_arg(ap, uint16_t *);
 rlen = ssh_buffer_get_data(buffer, o.word, sizeof(uint16_t));
- *o.word = ntohs(*o.word);
- rc = rlen==2 ? SSH_OK : SSH_ERROR;
+ if (rlen == 2) {
+ *o.word = ntohs(*o.word);
+ rc = SSH_OK;
+ }
 break;
 case 'd':
 o.dword = va_arg(ap, uint32_t *);
 rlen = ssh_buffer_get_u32(buffer, o.dword);
- *o.dword = ntohl(*o.dword);
- rc = rlen==4 ? SSH_OK : SSH_ERROR;
+ if (rlen == 4) {
+ *o.dword = ntohl(*o.dword);
+ rc = SSH_OK;
+ }
 break;
 case 'q':
 o.qword = va_arg(ap, uint64_t*);
 rlen = ssh_buffer_get_u64(buffer, o.qword);
- *o.qword = ntohll(*o.qword);
- rc = rlen==8 ? SSH_OK : SSH_ERROR;
+ if (rlen == 8) {
+ *o.qword = ntohll(*o.qword);
+ rc = SSH_OK;
+ }
 break;
 case 'S':
 o.string = va_arg(ap, ssh_string *);
-- 
2.19.1
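Review bot: The `rc = SSH_ERROR;` added before `switch (*p)` changes the starting state for every format case, and most of that switch lies outside this patch, so any case that does not assign `rc` itself on success would now end unpacking with an error. The three cases rewritten in the second hunk do set `rc = SSH_OK` explicitly; the `'b'` and `'S'` cases are only partly visible here and should be checked against the same rule. A short comment above the assignment would record the contract, for example `/* fail closed: a case sets rc = SSH_OK only after a full-length read */`. The body of ssh_buffer_unpack_va starts and ends outside the hunk.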
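Review bot: In the `'w'`, `'d'` and `'q'` cases the caller's output integer is now left untouched when the read comes up short, so a caller that ignores the return value still uses whatever that variable held before the call. Whether the `cleanup` path resets these outputs on error is not visible in this patch, so the function's comment should state that the outputs are defined only when SSH_OK is returned. The literals `2`, `4` and `8` could also be tied to the type, e.g. `if (rlen == sizeof(*o.word)) {`, which matches the `sizeof(uint16_t)` already passed to ssh_buffer_get_data (assuming `rlen` is an unsigned type; its declaration is outside the hunk). The enclosing switch continues past the last line shown.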