From: Mathew Heard Date: Mon, 12 Jul 2021 02:53:45 +0000 (+1000) Subject: Fix overrun in prf() if hmac size not divisible into key size X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=fffec0d63e08dc57688b78b0c6bf98db252a1aa8;p=tinc Fix overrun in prf() if hmac size not divisible into key size Not seen only due to chacha having a 64byte key and a 64byte HMAC (SHA512) being used --- diff --git a/src/openssl/prf.c b/src/openssl/prf.c index 37af2ef5..f1f3d172 100644 --- a/src/openssl/prf.c +++ b/src/openssl/prf.c @@ -67,11 +67,13 @@ static bool prf_xor(int nid, const char *secret, size_t secretlen, char *seed, s } /* XOR the results of the outer HMAC into the out buffer */ - for(size_t i = 0; i < len && i < outlen; i++) { + size_t i; + + for(i = 0; i < len && i < outlen; i++) { *out++ ^= hash[i]; } - outlen -= len; + outlen -= i; } digest_close(digest);