diff options
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | bufbn.c | 4 |
2 files changed, 5 insertions, 2 deletions
@@ -4,6 +4,9 @@ [bufbn.c] fix unsigned overflow that could lead to reading a short ssh protocol 1 bignum value; found by Ben Hawkes; ok deraadt@ + - djm@cvs.openbsd.org 2014/02/27 08:25:09 + [bufbn.c] + off by one in range check 20140227 - OpenBSD CVS Sync @@ -1,4 +1,4 @@ -/* $OpenBSD: bufbn.c,v 1.10 2014/02/27 00:41:49 djm Exp $*/ +/* $OpenBSD: bufbn.c,v 1.11 2014/02/27 08:25:09 djm Exp $*/ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -108,7 +108,7 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) return (-1); } bits = get_u16(buf); - if (bits > 65536-7) { + if (bits > 65535-7) { error("buffer_get_bignum_ret: cannot handle BN of size %d", bits); return (-1); |