Mercurial > dropbear
comparison dss.c @ 1413:79582b52a791 fuzz
check p and q lengths
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 16 Jun 2017 22:35:18 +0800 |
| parents | 771e4a7051e0 |
| children | 2d937dc44851 |
comparison
equal
deleted
inserted
replaced
| 1411:798854f62430 | 1413:79582b52a791 |
|---|---|
| 59 TRACE(("leave buf_get_dss_pub_key: failed reading mpints")) | 59 TRACE(("leave buf_get_dss_pub_key: failed reading mpints")) |
| 60 ret = DROPBEAR_FAILURE; | 60 ret = DROPBEAR_FAILURE; |
| 61 goto out; | 61 goto out; |
| 62 } | 62 } |
| 63 | 63 |
| 64 if (mp_count_bits(key->p) < MIN_DSS_KEYLEN) { | 64 if (mp_count_bits(key->p) < DSS_P_BITS) { |
| 65 dropbear_log(LOG_WARNING, "DSS key too short"); | 65 dropbear_log(LOG_WARNING, "Bad DSS p"); |
| 66 TRACE(("leave buf_get_dss_pub_key: short key")) | |
| 67 ret = DROPBEAR_FAILURE; | |
| 68 goto out; | |
| 69 } | |
| 70 | |
| 71 if (mp_count_bits(key->q) < DSS_Q_BITS) { | |
| 72 dropbear_log(LOG_WARNING, "Bad DSS q"); | |
| 66 TRACE(("leave buf_get_dss_pub_key: short key")) | 73 TRACE(("leave buf_get_dss_pub_key: short key")) |
| 67 ret = DROPBEAR_FAILURE; | 74 ret = DROPBEAR_FAILURE; |
| 68 goto out; | 75 goto out; |
| 69 } | 76 } |
| 70 | 77 |
| 92 } | 99 } |
| 93 | 100 |
| 94 m_mp_alloc_init_multi(&key->x, NULL); | 101 m_mp_alloc_init_multi(&key->x, NULL); |
| 95 ret = buf_getmpint(buf, key->x); | 102 ret = buf_getmpint(buf, key->x); |
| 96 if (ret == DROPBEAR_FAILURE) { | 103 if (ret == DROPBEAR_FAILURE) { |
| 97 m_mp_free_multi(&key->x); | 104 m_mp_free_multi(&key->x, NULL); |
| 98 } | 105 } |
| 99 | 106 |
| 100 return ret; | 107 return ret; |
| 101 } | 108 } |
| 102 | 109 |