===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/auth-rsa.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- src/usr.bin/ssh/Attic/auth-rsa.c	1999/10/27 16:37:45	1.6
+++ src/usr.bin/ssh/Attic/auth-rsa.c	1999/11/02 19:42:34	1.7
@@ -16,7 +16,7 @@
 */
 
 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.6 1999/10/27 16:37:45 deraadt Exp $");
+RCSID("$Id: auth-rsa.c,v 1.7 1999/11/02 19:42:34 markus Exp $");
 
 #include "rsa.h"
 #include "packet.h"
@@ -91,7 +91,8 @@
 
   /* The response is MD5 of decrypted challenge plus session id. */
   len = BN_num_bytes(challenge);
-  assert(len <= 32 && len);
+  if (len <= 0 || len > 32)
+    fatal("auth_rsa_challenge_dialog: bad challenge length %d", len);
   memset(buf, 0, 32);
   BN_bn2bin(challenge, buf + 32 - len);
   MD5_Init(&md);