~mdw
/
sgt
/
putty
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add an assortment of extra safety checks.
[sgt/putty]
/
sshdss.c
diff --git
a/sshdss.c
b/sshdss.c
index
6cf5830
..
1f15cee
100644
(file)
--- a/
sshdss.c
+++ b/
sshdss.c
@@
-43,6
+43,8
@@
static void getstring(char **data, int *datalen, char **p, int *length)
if (*datalen < 4)
return;
*length = GET_32BIT(*data);
if (*datalen < 4)
return;
*length = GET_32BIT(*data);
+ if (*length < 0)
+ return;
*datalen -= 4;
*data += 4;
if (*datalen < *length)
*datalen -= 4;
*data += 4;
if (*datalen < *length)
@@
-98,7
+100,7
@@
static void *dss_newkey(char *data, int len)
}
#endif
}
#endif
- if (!p || memcmp(p, "ssh-dss", 7)) {
+ if (!p ||
slen != 7 ||
memcmp(p, "ssh-dss", 7)) {
sfree(dss);
return NULL;
}
sfree(dss);
return NULL;
}