projects
/
u
/
mdw
/
putty
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Extra crash-safety in decoding a DSS signature blob
[u/mdw/putty]
/
sshdss.c
diff --git
a/sshdss.c
b/sshdss.c
index
cf7fc3f
..
cef8e74
100644
(file)
--- a/
sshdss.c
+++ b/
sshdss.c
@@
-204,7
+204,7
@@
static int dss_verifysig(void *key, char *sig, int siglen,
*/
if (siglen != 40) { /* bug not present; read admin fields */
getstring(&sig, &siglen, &p, &slen);
*/
if (siglen != 40) { /* bug not present; read admin fields */
getstring(&sig, &siglen, &p, &slen);
- if (!p || memcmp(p, "ssh-dss", 7)) {
+ if (!p ||
slen != 7 ||
memcmp(p, "ssh-dss", 7)) {
return 0;
}
sig += 4, siglen -= 4; /* skip yet another length field */
return 0;
}
sig += 4, siglen -= 4; /* skip yet another length field */