$NetBSD: patch-CVE-2013-4852-2,v 1.2.2.2 2013/08/21 21:59:57 tron Exp $

--- src/putty/sshrsa.c.orig	2009-01-03 15:44:15.000000000 +0000
+++ src/putty/sshrsa.c
@@ -450,6 +450,8 @@ static void getstring(char **data, int *
     if (*datalen < 4)
 	return;
     *length = GET_32BIT(*data);
+    if (*length < 0)
+	return;
     *datalen -= 4;
     *data += 4;
     if (*datalen < *length)
