From 6870dcf05dd994aafb634a06f5736a671b9eaf1b Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 29 Aug 2006 13:12:01 +0000
Subject: Allow for 4k ssh keys and better error reporting.

---
 agent/command-ssh.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'agent/command-ssh.c')

diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 4e81aa2f2..d038768fe 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -526,6 +526,15 @@ stream_read_mpi (estream_t stream, unsigned int secure, gcry_mpi_t *mpint)
   if (err)
     goto out;
 
+  /* To avoid excessive use of secure memory we check that an MPI is
+     not too large. */
+  if (mpi_data_size > 520)
+    {
+      log_error (_("ssh keys greater than %d bits are not supported\n"), 4096);
+      err = GPG_ERR_TOO_LARGE;
+      goto out;
+    }
+
   err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_STD, mpi_data, mpi_data_size, NULL);
   if (err)
     goto out;
-- 
cgit v1.2.3