===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/kexgexs.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- src/usr.bin/ssh/kexgexs.c	2015/12/04 16:41:28	1.26
+++ src/usr.bin/ssh/kexgexs.c	2016/05/31 23:46:14	1.27
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.26 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.27 2016/05/31 23:46:14 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -84,7 +84,7 @@
 	nbits = MIN(DH_GRP_MAX, nbits);
 
 	if (kex->max < kex->min || kex->nbits < kex->min ||
-	    kex->max < kex->nbits) {
+	    kex->max < kex->nbits || kex->max < DH_GRP_MIN) {
 		r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
 		goto out;
 	}