From 5cd003d9e6d36fcca0ef40f12b8c8e4e540c58c7 Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Mon, 14 Aug 2017 00:00:10 +0800
Subject: [PATCH] check dss g range
--HG--
branch : fuzz
---
 dss.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/dss.c b/dss.c
index 8f80421..fc91ff2 100644
--- a/dss.c
+++ b/dss.c
@@ -73,6 +73,18 @@ int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
 goto out;
 }
 
+ /* test 1 < g < p */
+ if (mp_cmp_d(key->g, 1) != MP_GT) {
+ dropbear_log(LOG_WARNING, "Bad DSS g");
+ ret = DROPBEAR_FAILURE;
+ goto out;
+ }
+ if (mp_cmp(key->g, key->p) != MP_LT) {
+ dropbear_log(LOG_WARNING, "Bad DSS g");
+ ret = DROPBEAR_FAILURE;
+ goto out;
+ }
+
 ret = DROPBEAR_SUCCESS;
 TRACE(("leave buf_get_dss_pub_key: success"))
 out:
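Review bot: The new test in buf_get_dss_pub_key bounds g to 1 < g < p but does not check that g generates the order-q subgroup, so a key whose g passes the range test can still have the wrong order; FIPS 186-4 generator validation also requires g^q mod p == 1. If that exponentiation is judged too costly on this parsing path, say so next to the check, e.g. `/* range check only; g^q mod p == 1 is not verified here */`. The two branches are otherwise identical, down to the "Bad DSS g" message, so they could be one condition: `if (mp_cmp_d(key->g, 1) != MP_GT || mp_cmp(key->g, key->p) != MP_LT) {`. The function starts and ends outside the hunk, so whether p, q and y get comparable validation cannot be seen from here.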