From 85cc0e3088ce09c02e919be2d9de6be4b40af2c1 Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Fri, 14 Sep 2007 11:14:41 +0200 Subject: [PATCH] rc4: Round up output buffer size. valgrind indicated that RC4() writes beyond the end of the output buffer which was was of the same size than the input buffer. Workaround this by rounding up the output buffer size to a multiple of 8. --- net.c | 3 ++- para.h | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/net.c b/net.c index c5f33c82..3dcd9c0b 100644 --- a/net.c +++ b/net.c @@ -151,7 +151,8 @@ int send_bin_buffer(int fd, const char *buf, size_t len) cf = crypt_data_array[fd].send; if (cf) { void *private = crypt_data_array[fd].private_data; - unsigned char *outbuf = para_malloc(len); + /* RC4 may write more than len to the output buffer */ + unsigned char *outbuf = para_malloc(ROUND_UP(len, 8)); (*cf)(len, (unsigned char *)buf, outbuf, private); ret = sendall(fd, (char *)outbuf, &len); free(outbuf); diff --git a/para.h b/para.h index eb99ec68..a580b14c 100644 --- a/para.h +++ b/para.h @@ -206,3 +206,5 @@ static inline int para_random(unsigned max) return ((max + 0.0) * (rand() / (RAND_MAX + 1.0))); } +/* Round up x to a multiple of y */ +#define ROUND_UP(x, y) (((x) + (y - 1) / (y)) * (y)) -- 2.39.5