From 345c267661aea1c7acba5402b8efd2ce11faa2ce Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Wed, 16 Apr 2014 23:22:45 +0000
Subject: [PATCH] skip leading zero bytes in buffer_put_bignum2_from_string();
 reported by jan AT mojzis.com; ok markus@

---
 usr.bin/ssh/bufaux.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/usr.bin/ssh/bufaux.c b/usr.bin/ssh/bufaux.c
index 61ac9888881..b946b24bb7b 100644
--- a/usr.bin/ssh/bufaux.c
+++ b/usr.bin/ssh/bufaux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -370,6 +370,9 @@ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
 
 	if (l > 8 * 1024)
 		fatal("%s: length %u too long", __func__, l);
+	/* Skip leading zero bytes */
+	for (; l > 0 && *s == 0; l--, s++)
+		;
 	p = buf = xmalloc(l + 1);
 	/*
 	 * If most significant bit is set then prepend a zero byte to
-- 
2.20.1