===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/misc.c,v
retrieving revision 1.181
retrieving revision 1.182
diff -u -r1.181 -r1.182
--- src/usr.bin/ssh/misc.c	2023/03/03 02:37:58	1.181
+++ src/usr.bin/ssh/misc.c	2023/07/14 05:31:44	1.182
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.181 2023/03/03 02:37:58 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.182 2023/07/14 05:31:44 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005-2020 Damien Miller.  All rights reserved.
@@ -879,8 +879,11 @@
 {
 	char *ret, *dst;
 	int ch;
+	size_t srclen;
 
-	ret = xmalloc(strlen(src) + 1);
+	if ((srclen = strlen(src)) >= SIZE_MAX)
+		fatal_f("input too large");
+	ret = xmalloc(srclen + 1);
 	for (dst = ret; *src != '\0'; src++) {
 		switch (*src) {
 		case '+':