X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/d737853b942c17aeb9db09ef59046edd9daa652e..47061bb488400d53fd20deb52d51763d2caa056e:/sshrsa.c

diff --git a/sshrsa.c b/sshrsa.c
index 0c1b2ef5..7fb9694f 100644
--- a/sshrsa.c
+++ b/sshrsa.c
@@ -110,7 +110,7 @@ static void sha512_mpint(SHA512_State * s, Bignum b)
 	lenbuf[0] = bignum_byte(b, len);
 	SHA512_Bytes(s, lenbuf, 1);
     }
-    memset(lenbuf, 0, sizeof(lenbuf));
+    smemclr(lenbuf, sizeof(lenbuf));
 }
 
 /*
@@ -413,6 +413,7 @@ int rsa_verify(struct RSAKey *key)
     pm1 = copybn(key->p);
     decbn(pm1);
     ed = modmul(key->exponent, key->private_exponent, pm1);
+    freebn(pm1);
     cmp = bignum_cmp(ed, One);
     sfree(ed);
     if (cmp != 0)
@@ -421,6 +422,7 @@ int rsa_verify(struct RSAKey *key)
     qm1 = copybn(key->q);
     decbn(qm1);
     ed = modmul(key->exponent, key->private_exponent, qm1);
+    freebn(qm1);
     cmp = bignum_cmp(ed, One);
     sfree(ed);
     if (cmp != 0)
@@ -525,7 +527,9 @@ static void getstring(char **data, int *datalen, char **p, int *length)
     *p = NULL;
     if (*datalen < 4)
 	return;
-    *length = GET_32BIT(*data);
+    *length = toint(GET_32BIT(*data));
+    if (*length < 0)
+        return;
     *datalen -= 4;
     *data += 4;
     if (*datalen < *length)