Package: putty / 0.62-9+deb7u3

ssh-1-key-load-length.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Description: Fix an erroneous length field in SSH-1 key load
 We incremented buf by a few bytes, so we must decrement the
 corresponding length by the same amount, or else makekey() could
 overrun.
 . 
 Thanks to Patrick Coleman for the patch.
Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=1f757928051b6d6ff231b2265bad2d263b0fe3ea
Last-Update: 2015-03-01

Index: b/sshpubk.c
===================================================================
--- a/sshpubk.c
+++ b/sshpubk.c
@@ -67,7 +67,7 @@
     i += 4;
 
     /* Now the serious stuff. An ordinary SSH-1 public key. */
-    i += makekey(buf + i, len, key, NULL, 1);
+    i += makekey(buf + i, len - i, key, NULL, 1);
     if (i < 0)
 	goto end;		       /* overran */