From: Simon Tatham <anakin@pobox.com>
Date: Sat, 4 Aug 2001 12:37:43 +0000 (+0000)
Subject: Fix segfault if the server maliciously sends the wrong type of key
X-Git-Tag: 0.52~265
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;ds=sidebyside;h=4fb01728e155184d712fd32f7408a43fe7387bcf;p=PuTTY.git

Fix segfault if the server maliciously sends the wrong type of key
after a different type has been agreed.

[originally from svn r1165]
---

diff --git a/ssh.c b/ssh.c
index e2c2d737..a41e3bf4 100644
--- a/ssh.c
+++ b/ssh.c
@@ -2955,8 +2955,9 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
 #endif
 
     hkey = hostkey->newkey(hostkeydata, hostkeylen);
-    if (!hostkey->verifysig(hkey, sigdata, siglen, exchange_hash, 20)) {
-	bombout(("Server failed host key check"));
+    if (!hkey ||
+	!hostkey->verifysig(hkey, sigdata, siglen, exchange_hash, 20)) {
+	bombout(("Server's host key did not match the signature supplied"));
 	crReturn(0);
     }