Add some missing bounds checks in signature verification routines.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9978 cda61777-01e9-0310-a592-d414129be87e

diff --git a/sshdss.c b/sshdss.c
index 532c13f..2b19a92 100644 (file)
--- a/sshdss.c
+++ b/sshdss.c
@@ -72,6 +72,9 @@ static Bignum get160(char **data, int *datalen)
 {
     Bignum b;
 
 {
     Bignum b;
 

+    if (*datalen < 20)
+        return NULL;
+

     b = bignum_from_bytes((unsigned char *)*data, 20);
     *data += 20;
     *datalen -= 20;
     b = bignum_from_bytes((unsigned char *)*data, 20);
     *data += 20;
     *datalen -= 20;

diff --git a/sshrsa.c b/sshrsa.c
index 7fb9694..c4a469e 100644 (file)
--- a/sshrsa.c
+++ b/sshrsa.c
@@ -842,6 +842,8 @@ static int rsa2_verifysig(void *key, char *sig, int siglen,
        return 0;
     }
     in = getmp(&sig, &siglen);
        return 0;
     }
     in = getmp(&sig, &siglen);

+    if (!in)
+        return 0;

     out = modpow(in, rsa->exponent, rsa->modulus);
     freebn(in);
 
     out = modpow(in, rsa->exponent, rsa->modulus);
     freebn(in);