===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/misc.c,v
retrieving revision 1.107
retrieving revision 1.108
diff -u -r1.107 -r1.108
--- src/usr.bin/ssh/misc.c 2016/11/30 00:28:31 1.107
+++ src/usr.bin/ssh/misc.c 2017/03/14 00:25:03 1.108
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.107 2016/11/30 00:28:31 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.108 2017/03/14 00:25:03 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -289,7 +289,7 @@
 long
 convtime(const char *s)
 {
- long total, secs;
+ long total, secs, multiplier = 1;
 const char *p;
 char *endp;
 
@@ -316,23 +316,28 @@
 break;
 case 'm':
 case 'M':
- secs *= MINUTES;
+ multiplier = MINUTES;
 break;
 case 'h':
 case 'H':
- secs *= HOURS;
+ multiplier = HOURS;
 break;
 case 'd':
 case 'D':
- secs *= DAYS;
+ multiplier = DAYS;
 break;
 case 'w':
 case 'W':
- secs *= WEEKS;
+ multiplier = WEEKS;
 break;
 default:
 return -1;
 }
+ if (secs > LONG_MAX / multiplier)
+ return -1;
+ secs *= multiplier;
+ if (total > LONG_MAX - secs)
+ return -1;
 total += secs;
 if (total < 0)
 return -1;
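Review bot: `multiplier` is initialised only once, at its declaration in the `@@ -289` hunk, so in the `@@ -316` hunk a unit set in an earlier loop iteration appears to carry over to a later field that has no suffix or an `s` suffix. The `'\0'`/`s` cases sit above the hunk, and the visible leading `break;` suggests they do not assign it. If so, an input such as "1m30" would be scaled as 1m + 30m instead of 90 seconds, silently lengthening any time value a caller parses through convtime(). Resetting it per field with `multiplier = 1;` just before the `switch` (which starts outside the hunk) keeps the new overflow checks and restores per-field scaling. The remaining `if (total < 0)` test looks unreachable once `secs` is known to be non-negative, and would benefit from a comment saying it is kept as a defensive check.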