diff svr-authpubkey.c @ 1372:de1d895b1cae fuzz

don't exit encountering short lines
author Matt Johnston <matt@ucc.asn.au>
date Thu, 25 May 2017 00:10:18 +0800
parents 10df23099071
children 9e9c8d37fd56
line wrap: on
line diff
--- a/svr-authpubkey.c	Thu May 25 00:09:40 2017 +0800
+++ b/svr-authpubkey.c	Thu May 25 00:10:18 2017 +0800
@@ -200,6 +200,10 @@
 		return DROPBEAR_FAILURE; /* line is too short for it to be a valid key */
 	}
 
+	/* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */
+	if (line->pos + algolen+3 > line->len) {
+		goto out;
+	}
 	/* check the key type */
 	if (strncmp((const char *) buf_getptr(line, algolen), algo, algolen) != 0) {
 		int is_comment = 0;