author | red-001 <red-001@outlook.ie> | 2018-06-26 09:02:26 +0100 |
---|---|---|
committer | Loïc Blot <nerzhul@users.noreply.github.com> | 2018-06-26 10:02:26 +0200 |
commit | 7bdf5eae05f63a98a13e520f98e68b9e7d9d544b (patch) | |
tree | 30b24c2fdc475ec96ab96ba95ad59fb5d2c6f4a5 | |
parent | ae8ae6c9062cde3f8bc388f4ab23c6ff65b5af40 (diff) | |
Fix buffer overrun in SRP (#7484)
The old code got a pointer to the array instead of to its first element; this resulted in a buffer overflow when the function was used more than once.
-rw-r--r-- | src/util/srp.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/util/srp.cpp b/src/util/srp.cpp
index 9aed9eb0c..a3452e022 100644
--- a/src/util/srp.cpp
+++ b/src/util/srp.cpp
@@ -613,7 +613,7 @@ SRP_Result srp_create_salted_verification_key( SRP_HashAlgorithm alg,
 if (fill_buff() != SRP_OK) goto error_and_exit;
 *bytes_s = (unsigned char *)srp_alloc(size_to_fill);
 if (!*bytes_s) goto error_and_exit;
- memcpy(*bytes_s, &g_rand_buff + g_rand_idx, size_to_fill);
+ memcpy(*bytes_s, &g_rand_buff[g_rand_idx], size_to_fill);
 g_rand_idx += size_to_fill;
 } |
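Review bot: Nothing visible in this hunk bounds `g_rand_idx + size_to_fill` against the size of `g_rand_buff` before the corrected `memcpy`, so the copy is only in bounds if `fill_buff()` leaves at least `size_to_fill` valid bytes at `g_rand_idx`. `fill_buff()` and the buffer declaration are outside the hunk, so that guarantee may already exist, but a guard placed before the allocation would make it local to the copy: `if (g_rand_idx + size_to_fill > sizeof(g_rand_buff)) goto error_and_exit;`. Copying through a typed pointer, `const unsigned char *src = g_rand_buff + g_rand_idx;`, would also let the compiler reject a pointer-to-array operand, which `memcpy`'s `void *` parameter accepted silently in the old line. The body of `srp_create_salted_verification_key` starts and ends outside the hunk.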