Add some missing bounds checks in signature verification routines.
[u/mdw/putty] / sshdss.c
index 532c13f..2b19a92 100644 (file)
--- a/sshdss.c
+++ b/sshdss.c
@@ -72,6 +72,9 @@ static Bignum get160(char **data, int *datalen)
 {
     Bignum b;
 
+    if (*datalen < 20)
+        return NULL;
+
     b = bignum_from_bytes((unsigned char *)*data, 20);
     *data += 20;
     *datalen -= 20;
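Review bot: The early `return NULL` added at the top of get160 changes the function's contract, and the callers that consume its result are not visible in this hunk. Each caller needs a NULL test before the value reaches any bignum arithmetic or is freed, and in the verification path a NULL result should be treated as a failed signature check rather than passed on. I would document this above the function, for example `/* Returns NULL, leaving *data and *datalen untouched, if fewer than 20 bytes remain. */`. The literal 20 now appears four times in the body and could be a named constant, so that the check and the consumed length cannot drift apart. The function body continues past the end of the hunk.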