X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=ssh.c;h=24391d38c8385303707ab2d7fdb2d2be69678ef8;hb=d3b993a9c1d5e66f5432fa73f1435ada191142ca;hp=66b316e5e25007536d76090a88fcfd43735a2b35;hpb=93712a3ee16b68d3cc70dbd144101e7eb0183a08;p=PuTTY.git
diff --git a/ssh.c b/ssh.c
index 66b316e5..24391d38 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1267,7 +1267,8 @@ static struct Packet *ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
 * _Completely_ silly lengths should be stomped on before they
 * do us any more damage.
 */
- if (st->len < 0 || st->pad < 0 || st->len + st->pad < 0) {
+ if (st->len < 0 || st->len > 35000 || st->pad < 4 ||
+ st->len - st->pad < 1 || (st->len + 4) % st->cipherblk != 0) {
 bombout(("Incoming packet was garbled on decryption"));
 ssh_free_packet(st->pktin);
 crStop(NULL);
@@ -5723,7 +5724,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
 * it would only confuse the layer above.
 */
 if (s->activated_authconn) {
- crReturn(1);
+ crReturn(0);
 }
 s->activated_authconn = TRUE;
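Review bot: The bare literal `35000` in the new length check of ssh2_rdpkt is unexplained. It looks like the RFC 4253 section 6.1 figure for the largest total packet an implementation must accept, so a named constant with a comment would say so, for example `#define SSH2_MAX_PKT_LEN 35000` (name illustrative). The condition is also order-dependent, because `st->len > 35000` has to be tested before `st->len + 4` is computed. A comment such as `/* bound len first so the arithmetic below cannot overflow */` would keep a later reordering from reintroducing a signed overflow. The new `% st->cipherblk` term divides by a value the hunk does not show being set, so it is worth confirming that cipherblk is clamped to a non-zero block size before this point. ssh2_rdpkt's body starts and ends outside the hunk, so these points rest on the visible lines only.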