# HG changeset patch
# User Matt Johnston
# Date 1495722083 -28800
# Node ID 9e9c8d37fd56f7ae79b91ddd01b6126037ecd816
# Parent d8215479a58aa2b4abab1a7654d83721d3f83564
limit input size

diff -r d8215479a58a -r 9e9c8d37fd56 svr-authpubkey.c
--- a/svr-authpubkey.c Thu May 25 22:20:10 2017 +0800
+++ b/svr-authpubkey.c Thu May 25 22:21:23 2017 +0800
@@ -195,9 +195,9 @@
 unsigned int pos, len;
 int ret = DROPBEAR_FAILURE;
 
- if (line->len < MIN_AUTHKEYS_LINE) {
- TRACE(("checkpubkey: line too short"))
- return DROPBEAR_FAILURE; /* line is too short for it to be a valid key */
+ if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) {
+ TRACE(("checkpubkey: bad line length %d", line->len))
+ return DROPBEAR_FAILURE;
 }
 
 /* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */
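Review bot: The widened `if` removes the old explanatory comment and leaves nothing beside the check to say why an upper bound exists; a comment such as `/* limit input size: reject lines too short to hold a key or longer than MAX_AUTHKEYS_LINE */` would record the intent. `MAX_AUTHKEYS_LINE` is defined outside this hunk, so its value cannot be reviewed here. The added trace prints `line->len` with `%d`; if that field is unsigned, as the `unsigned int pos, len;` locals in the same function suggest, `%u` is the matching specifier. A rejected line is reported only through `TRACE`, which is presumably a debug-only facility, so an over-long key line would surface to an administrator as an unexplained authentication failure unless it is also logged. The enclosing function starts and ends outside the hunk.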