diff --git a/ChangeLog b/ChangeLog
index 65933c7bb..87d7ff7e7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -57,6 +57,9 @@
    - markus@cvs.openbsd.org 2001/06/23 03:04:42
      [auth2.c auth-rh-rsa.c]
      restore correct ignore_user_known_hosts logic.
+   - markus@cvs.openbsd.org 2001/06/23 05:26:02
+     [key.c]
+     handle sigature of size 0 (some broken clients send this).
 
 20010622
  - (stevesk) handle systems without pw_expire and pw_change.
@@ -5741,4 +5744,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1311 2001/06/25 04:40:49 mouring Exp $
+$Id: ChangeLog,v 1.1312 2001/06/25 04:42:20 mouring Exp $
diff --git a/key.c b/key.c
index 3b9f9f786..84306a9b0 100644
--- a/key.c
+++ b/key.c
@@ -32,7 +32,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.25 2001/04/17 10:53:24 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.26 2001/06/23 05:26:02 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -768,6 +768,9 @@ key_verify(
     u_char *signature, int signaturelen,
     u_char *data, int datalen)
 {
+	if (signaturelen == 0)
+		return -1;
+
 	switch(key->type){
 	case KEY_DSA:
 		return ssh_dss_verify(key, signature, signaturelen, data, datalen);