X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/1388ecb1486e5763faf20f96e31bd69e918e2798..0016d70b76e2706064b54c9dd24d45a45646b0de:/sshbn.c

diff --git a/sshbn.c b/sshbn.c
index dc83c403..d32eb1bb 100644
--- a/sshbn.c
+++ b/sshbn.c
@@ -540,19 +540,25 @@ Bignum bignum_from_bytes(const unsigned char *data, int nbytes)
 
 /*
  * Read an ssh1-format bignum from a data buffer. Return the number
- * of bytes consumed.
+ * of bytes consumed, or -1 if there wasn't enough data.
  */
-int ssh1_read_bignum(const unsigned char *data, Bignum * result)
+int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
 {
     const unsigned char *p = data;
     int i;
     int w, b;
 
+    if (len < 2)
+	return -1;
+
     w = 0;
     for (i = 0; i < 2; i++)
 	w = (w << 8) + *p++;
     b = (w + 7) / 8;		       /* bits -> bytes */
 
+    if (len < b+2)
+	return -1;
+
     if (!result)		       /* just return length */
 	return b + 2;