diff options
Diffstat (limited to 'sshkey.c')
-rw-r--r-- | sshkey.c | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshkey.c,v 1.38 2016/09/12 23:31:27 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.c,v 1.39 2016/09/26 21:16:11 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. | 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. |
@@ -887,9 +887,12 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg, | |||
887 | int nlen = BN_num_bytes(k->rsa->n); | 887 | int nlen = BN_num_bytes(k->rsa->n); |
888 | int elen = BN_num_bytes(k->rsa->e); | 888 | int elen = BN_num_bytes(k->rsa->e); |
889 | 889 | ||
890 | if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) { | ||
891 | r = SSH_ERR_INVALID_FORMAT; | ||
892 | goto out; | ||
893 | } | ||
890 | blob_len = nlen + elen; | 894 | blob_len = nlen + elen; |
891 | if (nlen >= INT_MAX - elen || | 895 | if ((blob = malloc(blob_len)) == NULL) { |
892 | (blob = malloc(blob_len)) == NULL) { | ||
893 | r = SSH_ERR_ALLOC_FAIL; | 896 | r = SSH_ERR_ALLOC_FAIL; |
894 | goto out; | 897 | goto out; |
895 | } | 898 | } |