X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/1388ecb1486e5763faf20f96e31bd69e918e2798..0016d70b76e2706064b54c9dd24d45a45646b0de:/cmdgen.c

diff --git a/cmdgen.c b/cmdgen.c
index a5fccb07..467bab62 100644
--- a/cmdgen.c
+++ b/cmdgen.c
@@ -686,14 +686,26 @@ int main(int argc, char **argv)
 	    if (!load_encrypted) {
 		void *vblob;
 		char *blob;
-		int n, bloblen;
+		int n, l, bloblen;
 
 		ret = rsakey_pubblob(&infilename, &vblob, &bloblen, &error);
 		blob = (char *)vblob;
 
 		n = 4;		       /* skip modulus bits */
-		n += ssh1_read_bignum(blob + n, &ssh1key->exponent);
-		n += ssh1_read_bignum(blob + n, &ssh1key->modulus);
+		
+		l = ssh1_read_bignum(blob + n, bloblen - n,
+				     &ssh1key->exponent);
+		if (l < 0) {
+		    error = "SSH1 public key blob was too short";
+		} else {
+		    n += l;
+		    l = ssh1_read_bignum(blob + n, bloblen - n,
+					 &ssh1key->modulus);
+		    if (l < 0) {
+			error = "SSH1 public key blob was too short";
+		    } else
+			n += l;
+		}
 		ssh1key->comment = NULL;
 		ssh1key->private_exponent = NULL;
 	    } else {