- OpenBSD CVS Sync

   - provos@cvs.openbsd.org 2001/03/28 22:04:57
     [dh.c]
     more sanity checking on primes file

2 files changed, 17 insertions, 11 deletions

diff --git a/ChangeLog b/ChangeLog
index ddddadf5a..c7266684e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
    - provos@cvs.openbsd.org 2001/03/28 21:59:41
      [kex.c kex.h sshconnect2.c sshd.c]
      forgot to include min and max params in hash, okay markus@
+   - provos@cvs.openbsd.org 2001/03/28 22:04:57
+     [dh.c]
+     more sanity checking on primes file
 
 20010329
  - OpenBSD CVS Sync
@@ -4774,4 +4777,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1036 2001/03/30 00:47:14 djm Exp $
+$Id: ChangeLog,v 1.1037 2001/03/30 00:47:43 djm Exp $
diff --git a/dh.c b/dh.c
index 5f441ee1c..636758fa8 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.9 2001/03/27 17:46:49 provos Exp $");
+RCSID("$OpenBSD: dh.c,v 1.10 2001/03/28 22:04:57 provos Exp $");
 
 #include "xmalloc.h"
 
@@ -79,18 +79,21 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
                 goto fail;
 
         dhg->g = BN_new();
-        if (BN_hex2bn(&dhg->g, gen) < 0) {
-                BN_free(dhg->g);
-                goto fail;
-        }
         dhg->p = BN_new();
-        if (BN_hex2bn(&dhg->p, prime) < 0) {
-                BN_free(dhg->g);
-                BN_free(dhg->p);
-                goto fail;
-        }
+        if (BN_hex2bn(&dhg->g, gen) < 0)
+                goto failclean;
+
+        if (BN_hex2bn(&dhg->p, prime) < 0)
+                goto failclean;
+
+        if (BN_num_bits(dhg->p) != dhg->size)
+                goto failclean;
 
         return (1);
+
+ failclean:
+        BN_free(dhg->g);
+        BN_free(dhg->p);
  fail:
         error("Bad prime description in line %d", linenum);
         return (0);