authorred-001 <red-001@outlook.ie>2018-06-26 09:02:26 +0100
committerLoïc Blot <nerzhul@users.noreply.github.com>2018-06-26 10:02:26 +0200
commit7bdf5eae05f63a98a13e520f98e68b9e7d9d544b (patch)
tree30b24c2fdc475ec96ab96ba95ad59fb5d2c6f4a5
parentae8ae6c9062cde3f8bc388f4ab23c6ff65b5af40 (diff)
Fix buffer overrun in SRP (#7484)
The old code took a pointer to the whole array instead of to its first element; this resulted in a buffer overflow when the function was used more than once.
-rw-r--r--src/util/srp.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/util/srp.cpp b/src/util/srp.cpp
index 9aed9eb0c..a3452e022 100644
--- a/src/util/srp.cpp
+++ b/src/util/srp.cpp
@@ -613,7 +613,7 @@ SRP_Result srp_create_salted_verification_key( SRP_HashAlgorithm alg,
if (fill_buff() != SRP_OK) goto error_and_exit;
*bytes_s = (unsigned char *)srp_alloc(size_to_fill);
if (!*bytes_s) goto error_and_exit;
- memcpy(*bytes_s, &g_rand_buff + g_rand_idx, size_to_fill);
+ memcpy(*bytes_s, &g_rand_buff[g_rand_idx], size_to_fill);
g_rand_idx += size_to_fill;
}
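Review bot: The corrected `memcpy` from `&g_rand_buff[g_rand_idx]` still has no visible check that `g_rand_idx + size_to_fill` stays within `g_rand_buff`. The read is in bounds only if `fill_buff()` guarantees at least `size_to_fill` unread bytes at `g_rand_idx`, and that function is outside this hunk. If that guarantee is not already enforced there, a guard before the copy would make it explicit, for example `if (g_rand_idx > sizeof(g_rand_buff) - size_to_fill) goto error_and_exit;` (assuming `g_rand_buff` is a true array at this point and `size_to_fill` never exceeds its size). Otherwise a short comment naming the invariant would do. Since the original defect only appeared on repeated calls, a test that calls `srp_create_salted_verification_key` several times under AddressSanitizer would catch a regression; the enclosing function starts and ends outside the hunk.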