===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshbuf.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- src/usr.bin/ssh/sshbuf.c	2020/02/26 13:40:09	1.15
+++ src/usr.bin/ssh/sshbuf.c	2022/04/08 04:40:40	1.16
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf.c,v 1.15 2020/02/26 13:40:09 jsg Exp $	*/
+/*	$OpenBSD: sshbuf.c,v 1.16 2022/04/08 04:40:40 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -107,6 +107,8 @@
 	if ((r = sshbuf_check_sanity(child)) != 0 ||
 	    (r = sshbuf_check_sanity(parent)) != 0)
 		return r;
+	if (child->parent != NULL && child->parent != parent)
+		return SSH_ERR_INTERNAL_ERROR;
 	child->parent = parent;
 	child->parent->refcount++;
 	return 0;
@@ -175,7 +177,8 @@
 		buf->off = buf->size;
 		return;
 	}
-	(void) sshbuf_check_sanity(buf);
+	if (sshbuf_check_sanity(buf) != 0)
+		return;
 	buf->off = buf->size = 0;
 	if (buf->alloc != SSHBUF_SIZE_INIT) {
 		if ((d = recallocarray(buf->d, buf->alloc, SSHBUF_SIZE_INIT,
@@ -184,7 +187,7 @@
 			buf->alloc = SSHBUF_SIZE_INIT;
 		}
 	}
-	explicit_bzero(buf->d, SSHBUF_SIZE_INIT);
+	explicit_bzero(buf->d, buf->alloc);
 }
 
 size_t