from stanley lieber.  defend against overflow, or negative size in auth_proxy()

Reference: /n/atom/patch/applied2013/authproxyneg
Date: Thu Oct  3 16:46:40 CES 2013
Signed-off-by: quanstro@quanstro.net

--- /sys/src/libauth/auth_proxy.c	Thu Oct  3 16:46:14 2013
+++ /sys/src/libauth/auth_proxy.c	Thu Oct  3 16:46:14 2013
@@ -157,9 +157,10 @@
 			n = 0;
 			memset(buf, 0, AuthRpcMax);
 			while((ret = dorpc(rpc, "write", buf, n, getkey)) == ARtoosmall){
-				if(atoi(rpc->arg) > AuthRpcMax)
+				m = atoi(rpc->arg);
+				if(m <= n || m > AuthRpcMax)
 					break;
-				m = read(fd, buf + n, atoi(rpc->arg) - n);
+				m = read(fd, buf + n, m - n);
 				if(m <= 0){
 					if(m == 0)
 						werrstr("auth_proxy short read: %s",