]> asedeno.scripts.mit.edu Git - PuTTY.git/commitdiff
projects / PuTTY.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e3fe709)
ecdsa_newkey: fix a crash where the second curve name is missing or corrupt.
authorBen Harris <bjh21@bjh21.me.uk>
Fri, 9 Oct 2015 23:11:15 +0000 (00:11 +0100)
committerBen Harris <bjh21@bjh21.me.uk>
Wed, 28 Oct 2015 22:08:32 +0000 (22:08 +0000)
Bug found with the help of afl-fuzz.

sshecc.c patch | blob | history

diff --git a/sshecc.c b/sshecc.c
index 5f170215dbc2dd9764158b5334254943ae40709c..9f188df89b5cc27622cd73f1a031d098e292d18b 100644 (file)
--- a/sshecc.c
+++ b/sshecc.c
@@ -1770,6 +1770,7 @@ static void *ecdsa_newkey(const struct ssh_signkey *self,
     /* Curve name is duplicated for Weierstrass form */
     if (curve->type == EC_WEIERSTRASS) {
         getstring(&data, &len, &p, &slen);
+       if (!p) return NULL;
         if (!match_ssh_id(slen, p, curve->name)) return NULL;
     }
 
local copy of git://git.tartarus.org/simon/putty.git