head	1.2;
access;
symbols
	RELEASE_4_6_2:1.1
	RELEASE_4_6_1:1.1
	ssh_1_2_27:1.1
	RELEASE_4_6_0:1.1
	RELEASE_5_0_DP1:1.1
	RELEASE_4_5_0:1.1
	RELEASE_4_4_0:1.1
	RELEASE_4_3_0:1.1
	RELEASE_4_2_0:1.1
	RELEASE_4_1_1:1.1
	RELEASE_4_1_0:1.1
	RELEASE_3_5_0:1.1
	RELEASE_4_0_0:1.1
	RELEASE_3_4_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2002.06.29.18.13.36;	author obrien;	state dead;
branches;
next	1.1;

1.1
date	99.11.16.07.21.36;	author imp;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update to version 1.2.28.
@
text
@--- rsaglue.c.orig	Tue Nov  9 11:12:32 1999
+++ rsaglue.c	Tue Nov  9 11:17:58 1999
@@@@ -139,6 +139,10 @@@@

   input_bits = mpz_sizeinbase(input, 2);
   input_len = (input_bits + 7) / 8;
+  if(input_bits > MAX_RSA_MODULUS_BITS)
+    fatal("Attempted to encrypt a block too large (%d bits, %d max) (malicious?).",
+    	input_bits, MAX_RSA_MODULUS_BITS);
+
   gmp_to_rsaref(input_data, input_len, input);

   rsaref_public_key(&public_key, key);
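Review bot: The added guard bounds `input_bits` by `MAX_RSA_MODULUS_BITS`, but what it protects is the copy into `input_data` done by `gmp_to_rsaref` on the following line, and that buffer's declaration is outside the hunk. If `input_data` is a local array, checking the byte count against the buffer itself, `if (input_len > sizeof(input_data))`, keeps the check correct even if the buffer size and the macro drift apart. A short comment such as `/* input_data is fixed-size: reject oversized values before the copy */` would also record why the check has to stay ahead of `gmp_to_rsaref`. The same applies to the guard in the second hunk (-172/+176).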
@@@@ -172,6 +176,10 @@@@

   input_bits = mpz_sizeinbase(input, 2);
   input_len = (input_bits + 7) / 8;
+  if(input_bits > MAX_RSA_MODULUS_BITS)
+    fatal("Received session key too long (%d bits, %d max) (malicious?).",
+    	input_bits, MAX_RSA_MODULUS_BITS);
+
   gmp_to_rsaref(input_data, input_len, input);

   rsaref_private_key(&private_key, key);
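Review bot: `input_bits` is passed to `fatal()` under `%d`, yet it holds the result of `mpz_sizeinbase()`, which returns `size_t`. Its declaration is outside the hunk, so if it is not a plain `int` the format and the argument do not match. An explicit cast removes the doubt: `fatal("Received session key too long (%lu bits, %d max) (malicious?).", (unsigned long)input_bits, MAX_RSA_MODULUS_BITS);`. The `fatal()` call added in the first hunk uses the same `%d` pattern and would need the same change.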

@


1.1
log
@Don't overflow rsa bits.  As seen on bugtraq and elsewhere.

Submitted by: drow@@false.org
Reviewed by: ache
PR: 14749
@
text
@@

