projects
/
u
/
mdw
/
putty
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merged SSH1 robustness changes from 0.55 release branch on to trunk.
[u/mdw/putty]
/
sshbn.c
diff --git
a/sshbn.c
b/sshbn.c
index
dc83c40
..
d32eb1b
100644
(file)
--- a/
sshbn.c
+++ b/
sshbn.c
@@
-540,19
+540,25
@@
Bignum bignum_from_bytes(const unsigned char *data, int nbytes)
/*
* Read an ssh1-format bignum from a data buffer. Return the number
/*
* Read an ssh1-format bignum from a data buffer. Return the number
- * of bytes consumed.
+ * of bytes consumed
, or -1 if there wasn't enough data
.
*/
*/
-int ssh1_read_bignum(const unsigned char *data, Bignum * result)
+int ssh1_read_bignum(const unsigned char *data,
int len,
Bignum * result)
{
const unsigned char *p = data;
int i;
int w, b;
{
const unsigned char *p = data;
int i;
int w, b;
+ if (len < 2)
+ return -1;
+
w = 0;
for (i = 0; i < 2; i++)
w = (w << 8) + *p++;
b = (w + 7) / 8; /* bits -> bytes */
w = 0;
for (i = 0; i < 2; i++)
w = (w << 8) + *p++;
b = (w + 7) / 8; /* bits -> bytes */
+ if (len < b+2)
+ return -1;
+
if (!result) /* just return length */
return b + 2;
if (!result) /* just return length */
return b + 2;