[key.c]
Ignore and log any Protocol 1 keys where the claimed size is not equal to
the actual size. Noted by Derek Martin, ok djm@
- dtucker@cvs.openbsd.org 2010/01/13 00:19:04
[sshconnect.c auth.c]
Fix a couple of typos/mispellings in comments
+ - dtucker@cvs.openbsd.org 2010/01/13 01:10:56
+ [key.c]
+ Ignore and log any Protocol 1 keys where the claimed size is not equal to
+ the actual size. Noted by Derek Martin, ok djm@
20100112
- (dtucker) OpenBSD CVS Sync
-/* $OpenBSD: key.c,v 1.81 2009/12/11 18:16:33 markus Exp $ */
+/* $OpenBSD: key.c,v 1.82 2010/01/13 01:10:56 dtucker Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
return -1;
if (!read_bignum(cpp, ret->rsa->n))
return -1;
+ /* validate the claimed number of bits */
+ if ((u_int)BN_num_bits(ret->rsa->n) != bits) {
+ verbose("key_read: claimed key size %d does not match "
+ "actual %d", bits, BN_num_bits(ret->rsa->n));
+ return -1;
+ }
success = 1;
break;
case KEY_UNSPEC: