projects / tinc / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix overrun in prf() if hmac size not divisible into key size
[tinc] / src / openssl / prf.c
diff --git a/src/openssl/prf.c b/src/openssl/prf.c
index 37af2ef..f1f3d17 100644 (file)
--- a/src/openssl/prf.c
+++ b/src/openssl/prf.c
@@ -67,11 +67,13 @@ static bool prf_xor(int nid, const char *secret, size_t secretlen, char *seed, s
                }
 
                /* XOR the results of the outer HMAC into the out buffer */
-               for(size_t i = 0; i < len && i < outlen; i++) {
+               size_t i;
+
+               for(i = 0; i < len && i < outlen; i++) {
                        *out++ ^= hash[i];
                }
 
-               outlen -= len;
+               outlen -= i;
        }
 
        digest_close(digest);
tinc, the VPN daemon