Extra crash-safety in decoding a DSS signature blob

author simon <simon@cda61777-01e9-0310-a592-d414129be87e>

Fri, 2 Mar 2001 17:13:16 +0000 (17:13 +0000)

committer simon <simon@cda61777-01e9-0310-a592-d414129be87e>

Fri, 2 Mar 2001 17:13:16 +0000 (17:13 +0000)
author simon <simon@cda61777-01e9-0310-a592-d414129be87e>
Fri, 2 Mar 2001 17:13:16 +0000 (17:13 +0000)
committer simon <simon@cda61777-01e9-0310-a592-d414129be87e>
Fri, 2 Mar 2001 17:13:16 +0000 (17:13 +0000)
diff --git a/sshdss.c b/sshdss.c

index cf7fc3f..cef8e74 100644 (file)
--- a/sshdss.c
+++ b/sshdss.c
@@ -204,7 +204,7 @@ static int dss_verifysig(void *key, char *sig, int siglen,
       */
      if (siglen != 40) {                /* bug not present; read admin fields */
          getstring(&sig, &siglen, &p, &slen);
-        if (!p || memcmp(p, "ssh-dss", 7)) {
+        if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) {
              return 0;
          }
          sig += 4, siglen -= 4;             /* skip yet another length field */
author	simon <simon@cda61777-01e9-0310-a592-d414129be87e>
	Fri, 2 Mar 2001 17:13:16 +0000 (17:13 +0000)
committer	simon <simon@cda61777-01e9-0310-a592-d414129be87e>
	Fri, 2 Mar 2001 17:13:16 +0000 (17:13 +0000)