On Mon, Aug 11, 2014 at 06:35:50PM +0200, Pino Toscano wrote: > --- > > p2v/ssh.c | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/p2v/ssh.c b/p2v/ssh.c > index 1e9b05c..ff906df 100644 > --- a/p2v/ssh.c > +++ b/p2v/ssh.c > @@ -505,7 +505,16 @@ open_data_connection (struct config *config, > int *local_port, int *remote_port)> > }, ovector, ovecsize)) { > > case 100: /* Ephemeral port. */ > > port_str = strndup (&h->buffer[ovector[2]], > ovector[3]-ovector[2]); > > - sscanf (port_str, "%d", remote_port); > + if (port_str == NULL) { > + set_ssh_error ("not enough memory for strndup"); > + mexp_close (h); > + return NULL; > + } > + if (sscanf (port_str, "%d", remote_port) != 1) { > + set_ssh_error ("cannot extract the port number from '%s'", > port_str); + mexp_close (h); > + return NULL; > + } > > break; ACK, although the regex ought to guarantee this already?