nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

Loosen the validity check in get_mp_ssh1.

Browse Source 
The SSH-1 spec says that it's legitimate to write an mp-int in which
the prefixed uint16 bit count is greater than the minimum number of
bits required to represent the number. I was enforcing that they had
to be actually equal, on pain of a BinarySource decoding error.
This commit is contained in:
Simon Tatham 2018-10-15 18:53:25 +01:00
parent e966df071c
commit 35a4283615
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sshbn.c
View File

@ -1588,7 +1588,9 @@ Bignum BinarySource_get_mp_ssh1(BinarySource *src)
return bignum_from_long(0);
} else {
Bignum toret = bignum_from_bytes(bytes.ptr, bytes.len);
if (bignum_bitcount(toret) != bitc) {
/* SSH-1.5 spec says that it's OK for the prefix uint16 to be
* _greater_ than the actual number of bits */
if (bignum_bitcount(toret) > bitc) {
src->err = BSE_INVALID;
freebn(toret);
toret = bignum_from_long(0);