nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00
Code Issues Projects Releases Wiki Activity

More sensible error handling when we receive an SSH1 public key

Browse Source 
modulus of zero (!!), and also a robustness fix in ssh1_rdpkt which
I happened to notice while debugging that.

[originally from svn r4516]
This commit is contained in:
Simon Tatham 2004-08-28 16:51:26 +00:00
parent 60b9bfe3fe
commit e2cd7e404e
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ssh.c
View File

@ -827,6 +827,12 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
st->biglen = st->len + st->pad;
ssh->pktin.length = st->len - 5;
if (st->biglen < 0) {
bombout(("Extremely large packet length from server suggests"
" data stream corruption"));
crStop(0);
}
if (ssh->pktin.maxlen < st->biglen) {
ssh->pktin.maxlen = st->biglen;
ssh->pktin.data = sresize(ssh->pktin.data, st->biglen + APIEXTRA,
@ -2435,7 +2441,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt)
if (!ssh1_pkt_getrsakey(ssh, &servkey, &s->keystr1) ||
!ssh1_pkt_getrsakey(ssh, &hostkey, &s->keystr2)) {
bombout(("SSH1 public key packet stopped before public keys"));
bombout(("Failed to read SSH1 public keys from public key packet"));
crStop(0);
}

2
sshrsa.c
View File

@ -54,7 +54,7 @@ int makekey(unsigned char *data, int len, struct RSAKey *result,
}
n = ssh1_read_bignum(p, len, result ? &result->modulus : NULL);
if (n < 0) return -1;
if (n < 0 || bignum_bitcount(result->modulus) == 0) return -1;
if (result)
result->bytes = n - 2;
if (keystr)