Fix segfault if the server maliciously sends the wrong type of key

after a different type has been agreed. [originally from svn r1165]
2025-03-12 18:13:50 -05:00 · 2001-08-04 12:37:43 +00:00 · 2001-08-04 12:37:43 +00:00 · 4fb01728e1
commit 4fb01728e1
parent a4c1aad9b2
1 changed files with 3 additions and 2 deletions
--- a/ssh.c
+++ b/ssh.c
@ -2955,8 +2955,9 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
 #endif

    hkey = hostkey->newkey(hostkeydata, hostkeylen);
-    if (!hostkey->verifysig(hkey, sigdata, siglen, exchange_hash, 20)) {
-	bombout(("Server failed host key check"));
+    if (!hkey ||
+	!hostkey->verifysig(hkey, sigdata, siglen, exchange_hash, 20)) {
+	bombout(("Server's host key did not match the signature supplied"));
 	crReturn(0);
    }