Avoid trying to take the modular inverse of zero in response to a

sufficiently silly DSA signature. [originally from svn r9989]
2025-01-09 17:38:00 +00:00 · 2013-08-04 19:34:00 +00:00 · 2013-08-04 19:34:00 +00:00 · 9c054cf467
commit 9c054cf467
parent bf9b9224d8
1 changed files with 6 additions and 0 deletions
--- a/sshdss.c
+++ b/sshdss.c
@ -276,6 +276,12 @@ static int dss_verifysig(void *key, char *sig, int siglen,
 	return 0;
    }

+    if (!bignum_cmp(s, Zero)) {
+        freebn(r);
+        freebn(s);
+        return 0;
+    }
+
    /*
     * Step 1. w <- s^-1 mod q.
     */