*p = NULL;
if (*datalen < 4)
return;
- *length = GET_32BIT(*data);
+ *length = toint(GET_32BIT(*data));
if (*length < 0)
return;
*datalen -= 4;
{
Bignum b;
+ if (*datalen < 20)
+ return NULL;
+
b = bignum_from_bytes((unsigned char *)*data, 20);
*data += 20;
*datalen -= 20;
freebn(w);
freebn(sha);
+ freebn(u1);
+ freebn(u2);
freebn(gu1p);
freebn(yu2p);
freebn(gu1yu2p);
ytest = modpow(dss->g, dss->x, dss->p);
if (0 != bignum_cmp(ytest, dss->y)) {
dss_freekey(dss);
+ freebn(ytest);
return NULL;
}
freebn(ytest);