]> asedeno.scripts.mit.edu Git - PuTTY.git/commitdiff
rsa2_pubkey_bits: Cope correctly with a NULL return from rsa2_newkey()
authorBen Harris <bjh21@bjh21.me.uk>
Fri, 9 Oct 2015 23:58:11 +0000 (00:58 +0100)
committerBen Harris <bjh21@bjh21.me.uk>
Wed, 28 Oct 2015 22:08:32 +0000 (22:08 +0000)
Dereferencing it is not correct.
Bug found with the help of afl-fuzz.

sshrsa.c

index 850204c7ad1fb47f221abbd22c4b9da0a61e7ac9..e565a64ac791ff7be104a17f27814f4962f32fc7 100644 (file)
--- a/sshrsa.c
+++ b/sshrsa.c
@@ -773,6 +773,8 @@ static int rsa2_pubkey_bits(const struct ssh_signkey *self,
     int ret;
 
     rsa = rsa2_newkey(self, (const char *) blob, len);
+    if (!rsa)
+       return -1;
     ret = bignum_bitcount(rsa->modulus);
     rsa2_freekey(rsa);