MD5Final(digest, &md5c);
- sprintf(buffer, "%d ", ssh1_bignum_bitcount(dss->p));
+ sprintf(buffer, "ssh-dss %d ", ssh1_bignum_bitcount(dss->p));
for (i = 0; i < 16; i++)
sprintf(buffer+strlen(buffer), "%s%02x", i?":":"", digest[i]);
ret = smalloc(strlen(buffer)+1);
*/
if (siglen != 40) { /* bug not present; read admin fields */
getstring(&sig, &siglen, &p, &slen);
- if (!p || memcmp(p, "ssh-dss", 7)) {
+ if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) {
return 0;
}
sig += 4, siglen -= 4; /* skip yet another length field */