diff -u ../ssh-1.2.27/rsaglue.c ./rsaglue.c
--- ../ssh-1.2.27/rsaglue.c Wed Nov 17 19:04:53 1999
+++ ./rsaglue.c Wed Nov 24 16:00:54 1999
@@ -143,6 +143,10 @@
 input_bits = mpz_sizeinbase(input, 2);
 input_len = (input_bits + 7) / 8;
+ if(input_bits > MAX_RSA_MODULUS_BITS)
+ fatal("Attempted to encrypt a block too large (%d bits, %d max) (malicious?).",
+ input_bits, MAX_RSA_MODULUS_BITS);
+
 gmp_to_rsaref(input_data, input_len, input);
 rsaref_public_key(&public_key, key);
@@ -176,6 +180,10 @@
 input_bits = mpz_sizeinbase(input, 2);
 input_len = (input_bits + 7) / 8;
+ if(input_bits > MAX_RSA_MODULUS_BITS)
+ fatal("Received session key too long (%d bits, %d max) (malicious?).",
+ input_bits, MAX_RSA_MODULUS_BITS);
+
 gmp_to_rsaref(input_data, input_len, input);
 rsaref_private_key(&private_key, key);
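Review bot: The new guard in the first hunk compares `input_bits` with `MAX_RSA_MODULUS_BITS`, but the copy it protects, `gmp_to_rsaref(input_data, input_len, input)`, is bounded by a byte length and by the size of `input_data`, which is declared outside the hunk. If `input_data` is an array in scope at this point, tying the check to the destination, `if (input_len > sizeof(input_data))`, keeps the guard correct even if the buffer declaration and the constant later drift apart; the same applies to the identical check in the second hunk. Both `fatal()` calls also print `input_bits` with `%d`. Its declaration is not visible here, but the value comes from `mpz_sizeinbase`, which returns `size_t`, so an unsigned variable would need `%u` or an explicit cast.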
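Review bot: The check in the second hunk carries no comment saying which buffer it protects, or that the value being measured appears to come from the remote side, as the "Received session key" message implies. A one-line comment above it would make the intent clear to later maintainers, for example `/* input is peer-supplied: reject anything that would not fit in input_data before gmp_to_rsaref() copies it */`. The enclosing function starts and ends outside the hunk, so the actual size of `input_data` and whether other conversions in the function need the same bound should be confirmed there.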