Fix a mismerge in kex null-pointer checks.

[PuTTY.git] / ssh.c

diff --git a/ssh.c b/ssh.c
index dd9696225bdf79e98b2b16bd57130f944395cc83..a41a576c66ec9d25dd18453c7fcf54c9d0291f14 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -6668,6 +6668,10 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
         }
         set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */
         ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
+        if (!s->hostkeydata) {
+            bombout(("unable to parse key exchange reply packet"));
+            crStopV;
+        }
         s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
         s->f = ssh2_pkt_getmp(pktin);
         if (!s->f) {
@@ -6675,6 +6679,10 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
             crStopV;
         }
         ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
+        if (!s->sigdata) {
+            bombout(("unable to parse key exchange reply packet"));
+            crStopV;
+        }
 
         {
             const char *err = dh_validate_f(ssh->kex_ctx, s->f);
@@ -6723,6 +6731,10 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
         }
 
         ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
+        if (!s->hostkeydata) {
+            bombout(("unable to parse RSA public key packet"));
+            crStopV;
+        }
         hash_string(ssh->kex->hash, ssh->exhash,
                    s->hostkeydata, s->hostkeylen);
        s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
@@ -6730,6 +6742,10 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
         {
             char *keydata;
             ssh_pkt_getstring(pktin, &keydata, &s->rsakeylen);
+            if (!keydata) {
+                bombout(("unable to parse RSA public key packet"));
+                crStopV;
+            }
             s->rsakeydata = snewn(s->rsakeylen, char);
             memcpy(s->rsakeydata, keydata, s->rsakeylen);
         }
@@ -6806,6 +6822,10 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
         }
 
         ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
+        if (!s->sigdata) {
+            bombout(("unable to parse signature packet"));
+            crStopV;
+        }
 
         sfree(s->rsakeydata);
     }