More sensible error handling when we receive an SSH1 public key

modulus of zero (!!), and also a robustness fix in ssh1_rdpkt which
I happened to notice while debugging that.

git-svn-id: svn://svn.tartarus.org/sgt/putty@4516 cda61777-01e9-0310-a592-d414129be87e

diff --git a/ssh.c b/ssh.c
index 8ae552f..3e051f9 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -827,6 +827,12 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
     st->biglen = st->len + st->pad;
     ssh->pktin.length = st->len - 5;
 
+    if (st->biglen < 0) {
+        bombout(("Extremely large packet length from server suggests"
+                " data stream corruption"));
+        crStop(0);
+    }
+
     if (ssh->pktin.maxlen < st->biglen) {
        ssh->pktin.maxlen = st->biglen;
        ssh->pktin.data = sresize(ssh->pktin.data, st->biglen + APIEXTRA,
@@ -2435,7 +2441,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 
     if (!ssh1_pkt_getrsakey(ssh, &servkey, &s->keystr1) ||
        !ssh1_pkt_getrsakey(ssh, &hostkey, &s->keystr2)) {      
-       bombout(("SSH1 public key packet stopped before public keys"));
+       bombout(("Failed to read SSH1 public keys from public key packet"));
        crStop(0);
     }
 

diff --git a/sshrsa.c b/sshrsa.c
index e7fca00..f684c2a 100644 (file)
--- a/sshrsa.c
+++ b/sshrsa.c
@@ -54,7 +54,7 @@ int makekey(unsigned char *data, int len, struct RSAKey *result,
     }
 
     n = ssh1_read_bignum(p, len, result ? &result->modulus : NULL);
-    if (n < 0) return -1;
+    if (n < 0 || bignum_bitcount(result->modulus) == 0) return -1;
     if (result)
        result->bytes = n - 2;
     if (keystr)