From efa4a6f2829acde3b9213b4f8f77bd9617321e2d Mon Sep 17 00:00:00 2001
From: simon
Date: Fri, 2 Mar 2001 17:13:16 +0000
Subject: [PATCH] Extra crash-safety in decoding a DSS signature blob
git-svn-id: svn://svn.tartarus.org/sgt/putty@968 cda61777-01e9-0310-a592-d414129be87e
---
 sshdss.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sshdss.c b/sshdss.c
index cf7fc3f7..cef8e74e 100644
--- a/sshdss.c
+++ b/sshdss.c
@@ -204,7 +204,7 @@ static int dss_verifysig(void *key, char *sig, int siglen,
 */
 if (siglen != 40) { /* bug not present; read admin fields */
 getstring(&sig, &siglen, &p, &slen);
- if (!p || memcmp(p, "ssh-dss", 7)) {
+ if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) {
 return 0;
 }
 sig += 4, siglen -= 4; /* skip yet another length field */
-- 
2.11.0
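Review bot: The skip on the last line of the hunk, `sig += 4, siglen -= 4;`, still runs without checking that four bytes remain after the "ssh-dss" string, so a truncated signature blob would leave `siglen` negative and `sig` pointing past the data. The added `slen != 7` test bounds only the `memcmp`; nothing visible here checks the remaining length before the rest of the signature is decoded. Unless the code after the hunk already does so, add `if (siglen < 4) return 0;` ahead of the skip. The body of dss_verifysig starts and ends outside the hunk, so a later check may exist that is not shown.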