Extra crash-safety in decoding a DSS signature blob

[originally from svn r968]
2025-01-26 09:42:25 +00:00 · 2001-03-02 17:13:16 +00:00 · 2001-03-02 17:13:16 +00:00 · 902d0636fc
commit 902d0636fc
parent b182356f99
1 changed files with 1 additions and 1 deletions
--- a/sshdss.c
+++ b/sshdss.c
@ -204,7 +204,7 @@ static int dss_verifysig(void *key, char *sig, int siglen,
     */
    if (siglen != 40) {                /* bug not present; read admin fields */
        getstring(&sig, &siglen, &p, &slen);
-        if (!p || memcmp(p, "ssh-dss", 7)) {
+        if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) {
            return 0;
        }
        sig += 4, siglen -= 4;             /* skip yet another length field */