X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=sshbn.c;h=d32eb1bbf355d90ea30070eedfa7eadb667308b3;hb=69303f2d3e815470863808456be37f55947c9522;hp=dc83c403111bec994beb121487f3c29c639db583;hpb=501997ab2b2cadfb0c717ad3f5fb2cd53f19ad37;p=PuTTY.git
diff --git a/sshbn.c b/sshbn.c
index dc83c403..d32eb1bb 100644
--- a/sshbn.c
+++ b/sshbn.c
@@ -540,19 +540,25 @@ Bignum bignum_from_bytes(const unsigned char *data, int nbytes)
 
 /*
  * Read an ssh1-format bignum from a data buffer. Return the number
- * of bytes consumed.
+ * of bytes consumed, or -1 if there wasn't enough data.
  */
-int ssh1_read_bignum(const unsigned char *data, Bignum * result)
+int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
 {
 const unsigned char *p = data;
 int i;
 int w, b;
 
+ if (len < 2)
+ return -1;
+
 w = 0;
 for (i = 0; i < 2; i++)
 w = (w << 8) + *p++;
 b = (w + 7) / 8; /* bits -> bytes */
 
+ if (len < b+2)
+ return -1;
+
 if (!result) /* just return length */
 return b + 2;
 
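Review bot: The new -1 return in ssh1_read_bignum is an in-band error on a value that callers would typically add to a buffer offset, and on both early-return paths (`if (len < 2)` and `if (len < b+2)`) `*result` is never written. The callers are not in this hunk, so it cannot be confirmed here that each one tests for a negative return before advancing its pointer or using the Bignum. The signature change forces them to pass `len`, but nothing forces them to check the result. I would state that contract in the header comment, e.g. `* of bytes consumed, or -1 if there wasn't enough data (*result is then left untouched).` The function body continues past the end of the hunk.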