diff options
| author |   djm <djm@openbsd.org> | 2014-02-27 08:25:09 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2014-02-27 08:25:09 +0000 |
| commit | 707b0b80d48b984f28e3cc8f851e9f63d2bb0ca3 (patch) | |
| tree | a2ad07e48831963e9166bf20e87e82dd0c5dad30 | |
| parent | fix unsigned overflow that could lead to reading a short ssh protocol (diff) | |
| download | wireguard-openbsd-707b0b80d48b984f28e3cc8f851e9f63d2bb0ca3.tar.xz wireguard-openbsd-707b0b80d48b984f28e3cc8f851e9f63d2bb0ca3.zip | |
off by one in range check
| -rw-r--r-- | usr.bin/ssh/bufbn.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/ssh/bufbn.c b/usr.bin/ssh/bufbn.c index 26286b59199..301922a624b 100644 --- a/usr.bin/ssh/bufbn.c +++ b/usr.bin/ssh/bufbn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufbn.c,v 1.10 2014/02/27 00:41:49 djm Exp $*/ +/* $OpenBSD: bufbn.c,v 1.11 2014/02/27 08:25:09 djm Exp $*/ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -106,7 +106,7 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) return (-1); } bits = get_u16(buf); - if (bits > 65536-7) { + if (bits > 65535-7) { error("buffer_get_bignum_ret: cannot handle BN of size %d", bits); return (-1); |