From: Andre Noll <maan@systemlinux.org>
Date: Fri, 14 Sep 2007 09:14:41 +0000 (+0200)
Subject: rc4: Round up output buffer size.
X-Git-Tag: v0.3.0~418
X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=85cc0e3088ce09c02e919be2d9de6be4b40af2c1;p=paraslash.git

rc4: Round up output buffer size.

valgrind indicated that RC4() writes beyond the end of the output buffer which
was was of the same size than the input buffer. Workaround this by rounding up
the output buffer size to a multiple of 8.
---

diff --git a/net.c b/net.c
index c5f33c82..3dcd9c0b 100644
--- a/net.c
+++ b/net.c
@@ -151,7 +151,8 @@ int send_bin_buffer(int fd, const char *buf, size_t len)
 		cf = crypt_data_array[fd].send;
 	if (cf) {
 		void *private = crypt_data_array[fd].private_data;
-		unsigned char *outbuf = para_malloc(len);
+		/* RC4 may write more than len to the output buffer */
+		unsigned char *outbuf = para_malloc(ROUND_UP(len, 8));
 		(*cf)(len, (unsigned char *)buf, outbuf, private);
 		ret = sendall(fd, (char *)outbuf, &len);
 		free(outbuf);
diff --git a/para.h b/para.h
index eb99ec68..a580b14c 100644
--- a/para.h
+++ b/para.h
@@ -206,3 +206,5 @@ static inline int para_random(unsigned max)
 	return ((max + 0.0) * (rand() / (RAND_MAX + 1.0)));
 }
 
+/* Round up x to a multiple of y */
+#define ROUND_UP(x, y) (((x) + (y - 1) / (y)) * (y))