diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2017-06-16 22:35:18 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2017-06-16 22:35:18 +0800 |
| commit | e3246ceb7e5e1d49b0a751012c064957518e483c (patch) | |
| tree | c5c9c9a57926cc4626936b9a874b3a0fd8378aa1 /dss.c | |
| parent | 88ce30beb62716b000289d255deca50006880633 (diff) | |
check p and q lengths
--HG--
branch : fuzz
Diffstat (limited to 'dss.c')
| -rw-r--r-- | dss.c | 13 |
1 files changed, 10 insertions, 3 deletions
@@ -61,8 +61,15 @@ int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) { goto out; } - if (mp_count_bits(key->p) < MIN_DSS_KEYLEN) { - dropbear_log(LOG_WARNING, "DSS key too short"); + if (mp_count_bits(key->p) < DSS_P_BITS) { + dropbear_log(LOG_WARNING, "Bad DSS p"); + TRACE(("leave buf_get_dss_pub_key: short key")) + ret = DROPBEAR_FAILURE; + goto out; + } + + if (mp_count_bits(key->q) < DSS_Q_BITS) { + dropbear_log(LOG_WARNING, "Bad DSS q"); TRACE(("leave buf_get_dss_pub_key: short key")) ret = DROPBEAR_FAILURE; goto out; @@ -94,7 +101,7 @@ int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key) { m_mp_alloc_init_multi(&key->x, NULL); ret = buf_getmpint(buf, key->x); if (ret == DROPBEAR_FAILURE) { - m_mp_free_multi(&key->x); + m_mp_free_multi(&key->x, NULL); } return ret; |