X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=cmdgen.c;h=467bab62b4f1db2088b04e6b75856c02feae35c5;hb=2a88ce62b6f6c43c7a811bb4dd8f198ef58bb4b6;hp=a5fccb0773f2b3b6113200f1fbb72f9ae1dd4287;hpb=1f04a58f8daeaae79462e9a4b344551580664535;p=PuTTY.git

diff --git a/cmdgen.c b/cmdgen.c
index a5fccb07..467bab62 100644
--- a/cmdgen.c
+++ b/cmdgen.c
@@ -686,14 +686,26 @@ int main(int argc, char **argv)
 	    if (!load_encrypted) {
 		void *vblob;
 		char *blob;
-		int n, bloblen;
+		int n, l, bloblen;
 
 		ret = rsakey_pubblob(&infilename, &vblob, &bloblen, &error);
 		blob = (char *)vblob;
 
 		n = 4;		       /* skip modulus bits */
-		n += ssh1_read_bignum(blob + n, &ssh1key->exponent);
-		n += ssh1_read_bignum(blob + n, &ssh1key->modulus);
+		
+		l = ssh1_read_bignum(blob + n, bloblen - n,
+				     &ssh1key->exponent);
+		if (l < 0) {
+		    error = "SSH1 public key blob was too short";
+		} else {
+		    n += l;
+		    l = ssh1_read_bignum(blob + n, bloblen - n,
+					 &ssh1key->modulus);
+		    if (l < 0) {
+			error = "SSH1 public key blob was too short";
+		    } else
+			n += l;
+		}
 		ssh1key->comment = NULL;
 		ssh1key->private_exponent = NULL;
 	    } else {