Add another missing bounds check in the SSH-1 private key loader.
authorSimon Tatham <anakin@pobox.com>
Thu, 11 Jul 2013 17:24:01 +0000 (17:24 +0000)
committerSimon Tatham <anakin@pobox.com>
Thu, 11 Jul 2013 17:24:01 +0000 (17:24 +0000)
[originally from svn r9904]

sshpubk.c

index bd3c5e47c4cc66b5661844155e9e35acffa392ce..b860040dbfbe55f321978a8c2b0d8c6fdead895f 100644 (file)
--- a/sshpubk.c
+++ b/sshpubk.c
@@ -74,7 +74,7 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
     /* Next, the comment field. */
     j = GET_32BIT(buf + i);
     i += 4;
-    if (len - i < j)
+    if (j < 0 || len - i < j)
        goto end;
     comment = snewn(j + 1, char);
     if (comment) {
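Review bot: The 32-bit length is fetched by `j = GET_32BIT(buf + i);` before anything in this hunk confirms that four bytes remain in the buffer, so the new `j < 0 || len - i < j` test validates the comment length only after the length field itself has been read. Unless code above the hunk already guarantees it, add `if (len - i < 4) goto end;` ahead of the read. The new condition also deserves a comment such as `/* j is signed: a length with the top bit set goes negative and would slip past len - i < j */`, assuming j is a plain int as the `j < 0` test implies. loadrsakey_main starts and ends outside the hunk, so earlier checks and the declaration of j are not visible here.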