From 5896a4941d5d60598e3ad23a904a72c81501ba5f Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sat, 24 Jun 2017 01:01:11 +0800
Subject: [PATCH 1/2] test for -pie linker flag as well, for Linux

---
 configure.ac | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 5d792df..70ed1a7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -58,7 +58,15 @@ if test "$hardenbuild" -eq 1; then
 	LDFLAGS="$LDFLAGS $TESTFLAGS"
 	AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
 	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
-	    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+		[
+			LDFLAGS="$OLDLDFLAGS"
+			TESTFLAGS="-pie"
+			LDFLAGS="$LDFLAGS $TESTFLAGS"
+			AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+				[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+				[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+				)
+		]
 	    )
 	# readonly elf relocation sections (relro)
 	OLDLDFLAGS="$LDFLAGS"

From 57690891ce1591d0f18b0604145eb9eb1c29183b Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sat, 24 Jun 2017 10:32:33 +0800
Subject: [PATCH 2/2] test dss key parameter lengths exactly

---
 dss.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/dss.c b/dss.c
index a3b4dce..9024b80 100644
--- a/dss.c
+++ b/dss.c
@@ -61,16 +61,14 @@ int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
 		goto out;
 	}
 
-	if (mp_count_bits(key->p) < DSS_P_BITS) {
+	if (mp_count_bits(key->p) != DSS_P_BITS) {
 		dropbear_log(LOG_WARNING, "Bad DSS p");
-		TRACE(("leave buf_get_dss_pub_key: short key"))
 		ret = DROPBEAR_FAILURE;
 		goto out;
 	}
 
-	if (mp_count_bits(key->q) < DSS_Q_BITS) {
+	if (mp_count_bits(key->q) != DSS_Q_BITS) {
 		dropbear_log(LOG_WARNING, "Bad DSS q");
-		TRACE(("leave buf_get_dss_pub_key: short key"))
 		ret = DROPBEAR_FAILURE;
 		goto out;
 	}