===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/dh.c,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- src/usr.bin/ssh/dh.c	2008/04/13 00:22:17	1.46
+++ src/usr.bin/ssh/dh.c	2008/06/26 09:19:39	1.47
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.46 2008/04/13 00:22:17 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.47 2008/06/26 09:19:39 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -43,6 +43,7 @@
 	char *cp, *arg;
 	char *strsize, *gen, *prime;
 	const char *errstr = NULL;
+	long long n;
 
 	cp = line;
 	if ((arg = strdelim(&cp)) == NULL)
@@ -59,11 +60,23 @@
 	arg = strsep(&cp, " "); /* type */
 	if (cp == NULL || *arg == '\0')
 		goto fail;
+	/* Ensure this is a safe prime */
+	n = strtonum(arg, 0, 5, &errstr);
+	if (errstr != NULL || n != MODULI_TYPE_SAFE)
+		goto fail;
 	arg = strsep(&cp, " "); /* tests */
 	if (cp == NULL || *arg == '\0')
 		goto fail;
+	/* Ensure prime has been tested and is not composite */
+	n = strtonum(arg, 0, 0x1f, &errstr);
+	if (errstr != NULL ||
+	    (n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE))
+		goto fail;
 	arg = strsep(&cp, " "); /* tries */
 	if (cp == NULL || *arg == '\0')
+		goto fail;
+	n = strtonum(arg, 0, 1<<30, &errstr);
+	if (errstr != NULL || n == 0)
 		goto fail;
 	strsize = strsep(&cp, " "); /* size */
 	if (cp == NULL || *strsize == '\0' ||