Fix overrun in prf() if hmac size not divisible into key size
author Mathew Heard <splitice@users.noreply.github.com>
Mon, 12 Jul 2021 02:53:45 +0000 (12:53 +1000)
committer Mathew Heard <mheard@x4b.net>
Mon, 12 Jul 2021 02:54:56 +0000 (12:54 +1000)
Not seen only due to chacha having a 64-byte key and a 64-byte HMAC (SHA512) being used

src/openssl/prf.c

index 37af2ef..f1f3d17 100644 (file)
@@ -67,11 +67,13 @@ static bool prf_xor(int nid, const char *secret, size_t secretlen, char *seed, s
                }
 
                /* XOR the results of the outer HMAC into the out buffer */
-               for(size_t i = 0; i < len && i < outlen; i++) {
+               size_t i;
+
+               for(i = 0; i < len && i < outlen; i++) {
                        *out++ ^= hash[i];
                }
 
-               outlen -= len;
+               outlen -= i;
        }
 
        digest_close(digest);
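Review bot: `outlen -= i;` needs a short comment saying the final block may be partial, because the old `outlen -= len;` reads just as plausibly and a later cleanup could restore it. With `len > outlen` on the last pass, subtracting `len` makes `outlen` wrap if it is a `size_t` like `secretlen`, so whatever loop encloses this block would keep XORing into `out` past its end. It would also be clearer to compute the copy length once before the loop (the smaller of `len` and `outlen`) and use it for both the loop bound and the subtraction, which removes the need to hoist `size_t i;` out of the `for`. Since the commit message says the bug was masked only by the 64-byte key and SHA512 combination, a regression test that calls the PRF with an output length that is not a multiple of the digest length should accompany this change.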