* _Completely_ silly lengths should be stomped on before they
* do us any more damage.
*/
- if (st->len < 0 || st->pad < 0 || st->len + st->pad < 0) {
+ if (st->len < 0 || st->len > 35000 || st->pad < 4 ||
+ st->len - st->pad < 1 || (st->len + 4) % st->cipherblk != 0) {
bombout(("Incoming packet was garbled on decryption"));
ssh_free_packet(st->pktin);
crStop(NULL);
unsigned char *p;
int i, n = (bignum_bitcount(b) + 7) / 8;
p = snewn(n + 1, unsigned char);
- if (!p)
- fatalbox("out of memory");
p[0] = 0;
for (i = 1; i <= n; i++)
p[i] = bignum_byte(b, n - i);
const char *err;
ssh->savedhost = snewn(1 + strlen(host), char);
- if (!ssh->savedhost)
- fatalbox("Out of memory");
strcpy(ssh->savedhost, host);
if (port < 0)
s->len = (hostkey.bytes > servkey.bytes ? hostkey.bytes : servkey.bytes);
s->rsabuf = snewn(s->len, unsigned char);
- if (!s->rsabuf)
- fatalbox("Out of memory");
/*
* Verify the host key.
int len = rsastr_len(&hostkey);
char fingerprint[100];
char *keystr = snewn(len, char);
- if (!keystr)
- fatalbox("Out of memory");
rsastr_fmt(keystr, &hostkey);
rsa_fingerprint(fingerprint, sizeof(fingerprint), &hostkey);