From: simon <simon@cda61777-01e9-0310-a592-d414129be87e>
Date: Fri, 2 Mar 2001 17:13:16 +0000 (+0000)
Subject: Extra crash-safety in decoding a DSS signature blob
X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/commitdiff_plain/efa4a6f2829acde3b9213b4f8f77bd9617321e2d

Extra crash-safety in decoding a DSS signature blob


git-svn-id: svn://svn.tartarus.org/sgt/putty@968 cda61777-01e9-0310-a592-d414129be87e
---

diff --git a/sshdss.c b/sshdss.c
index cf7fc3f7..cef8e74e 100644
--- a/sshdss.c
+++ b/sshdss.c
@@ -204,7 +204,7 @@ static int dss_verifysig(void *key, char *sig, int siglen,
      */
     if (siglen != 40) {                /* bug not present; read admin fields */
         getstring(&sig, &siglen, &p, &slen);
-        if (!p || memcmp(p, "ssh-dss", 7)) {
+        if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) {
             return 0;
         }
         sig += 4, siglen -= 4;             /* skip yet another length field */