From e5a4d6bb1e2ca7f81bc99b5d543cd5a0e5ffc693 Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Fri, 14 Sep 2007 11:16:27 +0200 Subject: [PATCH] rc4: Round up output buffer size. valgrind indicated that RC4() writes beyond the end of the output buffer which was was of the same size than the input buffer. Workaround this by rounding up the output buffer size to a multiple of 8. --- net.c | 3 ++- para.h | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/net.c b/net.c index bc7d234b..88eb20e5 100644 --- a/net.c +++ b/net.c @@ -151,7 +151,8 @@ int send_bin_buffer(int fd, const char *buf, size_t len) cf = crypt_data_array[fd].send; if (cf) { void *private = crypt_data_array[fd].private_data; - unsigned char *outbuf = para_malloc(len); + /* RC4 may write more than len to the output buffer */ + unsigned char *outbuf = para_malloc(ROUND_UP(len, 8)); (*cf)(len, (unsigned char *)buf, outbuf, private); ret = sendall(fd, (char *)outbuf, &len); free(outbuf); diff --git a/para.h b/para.h index a4753d4b..5197360d 100644 --- a/para.h +++ b/para.h @@ -205,3 +205,6 @@ __printf_2_3 void para_log(int, const char*, ...); p = para_realloc(p, size); \ } \ } + +/* Round up x to a multiple of y */ +#define ROUND_UP(x, y) (((x) + (y - 1) / (y)) * (y)) -- 2.39.5