Extra crash-safety in decoding a DSS signature blob

author Simon Tatham <anakin@pobox.com>

Fri, 2 Mar 2001 17:13:16 +0000 (17:13 +0000)

committer Simon Tatham <anakin@pobox.com>

Fri, 2 Mar 2001 17:13:16 +0000 (17:13 +0000)
author Simon Tatham <anakin@pobox.com>
Fri, 2 Mar 2001 17:13:16 +0000 (17:13 +0000)
committer Simon Tatham <anakin@pobox.com>
Fri, 2 Mar 2001 17:13:16 +0000 (17:13 +0000)
diff --git a/sshdss.c b/sshdss.c

index cf7fc3f73514c7e8a8984047fa2e9d617aeb7182..cef8e74ef0d11c8446563138e56a8b2a1976898d 100644 (file)
--- a/sshdss.c
+++ b/sshdss.c
@@ -204,7 +204,7 @@ static int dss_verifysig(void *key, char *sig, int siglen,
       */
      if (siglen != 40) {                /* bug not present; read admin fields */
          getstring(&sig, &siglen, &p, &slen);
-        if (!p || memcmp(p, "ssh-dss", 7)) {
+        if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) {
              return 0;
          }
          sig += 4, siglen -= 4;             /* skip yet another length field */
author	Simon Tatham <anakin@pobox.com>
	Fri, 2 Mar 2001 17:13:16 +0000 (17:13 +0000)
committer	Simon Tatham <anakin@pobox.com>
	Fri, 2 Mar 2001 17:13:16 +0000 (17:13 +0000)