st->biglen = st->len + st->pad;
ssh->pktin.length = st->len - 5;
+ if (st->biglen < 0) {
+ bombout(("Extremely large packet length from server suggests"
+ " data stream corruption"));
+ crStop(0);
+ }
+
if (ssh->pktin.maxlen < st->biglen) {
ssh->pktin.maxlen = st->biglen;
ssh->pktin.data = sresize(ssh->pktin.data, st->biglen + APIEXTRA,
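Review bot: The new `st->biglen < 0` test only rejects lengths that have already gone negative, so a large positive length sent by the peer still reaches `sresize(ssh->pktin.data, st->biglen + APIEXTRA, ...)` just below and sizes the allocation. The test also runs after `st->len + st->pad` and `st->len - 5` have been evaluated, so if these fields are signed (their declarations are not visible here) the wraparound it looks for is itself undefined behaviour. Validate `st->len` against the protocol's maximum packet size before any arithmetic, for example `if (st->len < 0 || st->len > MAX_PKT_LEN) { bombout((...)); crStop(0); }`, where `MAX_PKT_LEN` is a placeholder for the limit the project adopts. The enclosing function starts and ends outside the hunk.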
if (!ssh1_pkt_getrsakey(ssh, &servkey, &s->keystr1) ||
!ssh1_pkt_getrsakey(ssh, &hostkey, &s->keystr2)) {
- bombout(("SSH1 public key packet stopped before public keys"));
+ bombout(("Failed to read SSH1 public keys from public key packet"));
crStop(0);
}
}
n = ssh1_read_bignum(p, len, result ? &result->modulus : NULL);
- if (n < 0) return -1;
+ if (n < 0 || bignum_bitcount(result->modulus) == 0) return -1;
if (result)
result->bytes = n - 2;
if (keystr)
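Review bot: The added `bignum_bitcount(result->modulus) == 0` test dereferences `result` unconditionally, but the lines on either side treat it as optional (`result ? &result->modulus : NULL` on the line above, `if (result)` on the line below). A caller that passes NULL for `result` would therefore hit a null-pointer dereference on this path. Guard the new test the same way: `if (n < 0 || (result && bignum_bitcount(result->modulus) == 0)) return -1;`. The function body starts and ends outside the hunk.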