| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame^] | 1 | --- a/crypt.c |
| 2 | +++ b/crypt.c |
| 3 | @@ -465,7 +465,17 @@ int decrypt(__G__ passwrd) |
| 4 | GLOBAL(pInfo->encrypted) = FALSE; |
| 5 | defer_leftover_input(__G); |
| 6 | for (n = 0; n < RAND_HEAD_LEN; n++) { |
| 7 | - b = NEXTBYTE; |
| 8 | + /* 2012-11-23 SMS. (OUSPG report.) |
| 9 | + * Quit early if compressed size < HEAD_LEN. The resulting |
| 10 | + * error message ("unable to get password") could be improved, |
| 11 | + * but it's better than trying to read nonexistent data, and |
| 12 | + * then continuing with a negative G.csize. (See |
| 13 | + * fileio.c:readbyte()). |
| 14 | + */ |
| 15 | + if ((b = NEXTBYTE) == (ush)EOF) |
| 16 | + { |
| 17 | + return PK_ERR; |
| 18 | + } |
| 19 | h[n] = (uch)b; |
| 20 | Trace((stdout, " (%02x)", h[n])); |
| 21 | } |