--- a/svr-authpubkey.c	Sun Oct 06 22:32:03 2013 +0800
+++ b/svr-authpubkey.c	Thu Feb 27 21:35:58 2014 +0800
@@ -89,7 +89,7 @@
 	buffer * signbuf = NULL;
 	sign_key * key = NULL;
 	char* fp = NULL;
-	int type = -1;
+	enum signkey_type type = -1;
 
 	TRACE(("enter pubkeyauth"))
 
@@ -125,15 +125,14 @@
 
 	/* create the data which has been signed - this a string containing
 	 * session_id, concatenated with the payload packet up to the signature */
-	signbuf = buf_new(ses.payload->pos + 4 + SHA1_HASH_SIZE);
-	buf_putstring(signbuf, ses.session_id, SHA1_HASH_SIZE);
+	signbuf = buf_new(ses.payload->pos + 4 + ses.session_id->len);
+	buf_putbufstring(signbuf, ses.session_id);
 	buf_putbytes(signbuf, ses.payload->data, ses.payload->pos);
 	buf_setpos(signbuf, 0);
 
 	/* ... and finally verify the signature */
 	fp = sign_key_fingerprint(keyblob, keybloblen);
-	if (buf_verify(ses.payload, key, buf_getptr(signbuf, signbuf->len),
-				signbuf->len) == DROPBEAR_SUCCESS) {
+	if (buf_verify(ses.payload, key, signbuf) == DROPBEAR_SUCCESS) {
 		dropbear_log(LOG_NOTICE,
 				"Pubkey auth succeeded for '%s' with key %s from %s",
 				ses.authstate.pw_name, fp, svr_ses.addrstring);
@@ -295,8 +294,8 @@
 			options_buf = buf_new(options_len);
 			buf_putbytes(options_buf, options_start, options_len);
 
-			/* compare the algorithm */
-			if (line->pos + algolen > line->len) {
+			/* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */
+			if (line->pos + algolen+3 > line->len) {
 				continue;
 			}
 			if (strncmp(buf_getptr(line, algolen), algo, algolen) != 0) {