diff --git a/ChangeLog b/ChangeLog
index 9e002568a..34fe5f7f6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+20020820
+ - OpenBSD CVS Sync
+   - millert@cvs.openbsd.org 2002/08/02 14:43:15
+     [monitor.c monitor_mm.c]
+     Change mm_zalloc() sanity checks to be more in line with what
+     we do in calloc() and add a check to monitor_mm.c.
+     OK provos@ and markus@
+
 20020813
  - (tim) [configure.ac] Display OpenSSL header/library version.
    Patch by dtucker@zip.com.au
@@ -1494,4 +1502,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2414 2002/08/14 01:52:10 tim Exp $
+$Id: ChangeLog,v 1.2415 2002/08/20 18:36:25 mouring Exp $
diff --git a/monitor.c b/monitor.c
index 7da929c6d..8e7ccf894 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.22 2002/07/22 17:32:56 stevesk Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.23 2002/08/02 14:43:15 millert Exp $");
 
 #include <openssl/dh.h>
 
@@ -1454,10 +1454,10 @@ mm_get_keystate(struct monitor *pmonitor)
 void *
 mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
 {
-	int len = size * ncount;
+	size_t len = size * ncount;
 	void *address;
 
-	if (len <= 0 || size > 65535 || ncount > 65535)
+	if (len == 0 || ncount > SIZE_T_MAX / size)
 		fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
 
 	address = mm_malloc(mm, len);
diff --git a/monitor_mm.c b/monitor_mm.c
index fbf57b439..b4a6e40c9 100644
--- a/monitor_mm.c
+++ b/monitor_mm.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_mm.c,v 1.7 2002/06/28 01:49:31 millert Exp $");
+RCSID("$OpenBSD: monitor_mm.c,v 1.8 2002/08/02 14:43:15 millert Exp $");
 
 #ifdef HAVE_SYS_MMAN_H
 #include <sys/mman.h>
@@ -167,8 +167,10 @@ mm_malloc(struct mm_master *mm, size_t size)
 
 	if (size == 0)
 		fatal("mm_malloc: try to allocate 0 space");
+	if (size > SIZE_T_MAX - MM_MINSIZE + 1)
+		fatal("mm_malloc: size too big");
 
-	size = ((size + MM_MINSIZE - 1) / MM_MINSIZE) * MM_MINSIZE;
+	size = ((size + (MM_MINSIZE - 1)) / MM_MINSIZE) * MM_MINSIZE;
 
 	RB_FOREACH(mms, mmtree, &mm->rb_free) {
 		if (mms->size >= size)